Aggregator

It was discovered that Mbed TLS incorrectly handled memory allocation failures. A remote attacker could possibly use this issue to crash the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-44732) Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted inputs. A remote attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS. (CVE-2024-23775) It was discovered that Mbed TLS incorrectly handled the TLS handshake. A remote attacker could possibly use this issue to break the security guarantees of the TLS handshake. (CVE-2025-27810) Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly documented the behavior of a function. Application code relying on the documented behavior might be affected. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2025-47917) Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2025-48965) It was discovered that Mbed TLS incorrectly handled a race condition. An attacker could possibly use this issue to extract AES keys. (CVE-2025-52496) Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly handled certain invalid input. A remote attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2025-52497)

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - GPIO subsystem; - GPU drivers; - BTRFS file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - SMC sockets; (CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - GPIO subsystem; - GPU drivers; - BTRFS file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - SMC sockets; (CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)

FEDORA-2026-a05ac070cd Packages in this update:

• vim-9.2.240-1.fc43

Update description:

patchlevel 240

FEDORA-2026-a218db2573 Packages in this update:

• vim-9.2.240-1.fc44

Update description:

patchlevel 240

FEDORA-2026-b42b8b1c00 Packages in this update:

• libarchive-3.8.6-1.fc44

Update description:

CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

Version:6.19.10 (stable) Released:2026-03-25 Source:linux-6.19.10.tar.xz PGP Signature:linux-6.19.10.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.10

Version:6.18.20 (longterm) Released:2026-03-25 Source:linux-6.18.20.tar.xz PGP Signature:linux-6.18.20.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.20

Version:6.12.78 (longterm) Released:2026-03-25 Source:linux-6.12.78.tar.xz PGP Signature:linux-6.12.78.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.78

Version:6.6.130 (longterm) Released:2026-03-25 Source:linux-6.6.130.tar.xz PGP Signature:linux-6.6.130.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.130

Version:6.1.167 (longterm) Released:2026-03-25 Source:linux-6.1.167.tar.xz PGP Signature:linux-6.1.167.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.167

FEDORA-EPEL-2026-de2c69d4e4 Packages in this update:

• chromium-146.0.7680.164-1.el10_3

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

FEDORA-EPEL-2026-034dddc133 Packages in this update:

• chromium-146.0.7680.164-1.el10_1

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

Update to 146.0.7680.153

* CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE

FEDORA-EPEL-2026-1abb979baa Packages in this update:

• chromium-146.0.7680.164-1.el10_2

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

FEDORA-EPEL-2026-d3092556ab Packages in this update:

• chromium-146.0.7680.164-1.el9

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

Update to 146.0.7680.153

* CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE

FEDORA-2026-cc466cfb57 Packages in this update:

• chromium-146.0.7680.164-1.fc42

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

Update to 146.0.7680.153

* CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE

FEDORA-2026-4d42fffb2b Packages in this update:

• chromium-146.0.7680.164-1.fc44

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

FEDORA-2026-ad5b2b6b68 Packages in this update:

• chromium-146.0.7680.164-1.fc43

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM