Aggregator

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

FEDORA-EPEL-2026-3dc5de63cc Packages in this update:

• chromium-146.0.7680.177-1.el10_1

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-EPEL-2026-6a5f534eb8 Packages in this update:

• chromium-146.0.7680.177-1.el9

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-450ba465fd Packages in this update:

• chromium-146.0.7680.177-1.fc44

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-2b2e6a12de Packages in this update:

• chromium-146.0.7680.177-1.fc42

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-bdd01d79ba Packages in this update:

• chromium-146.0.7680.177-1.fc43

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-EPEL-2026-189ae4f7fc Packages in this update:

• chromium-146.0.7680.177-1.el10_2

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-EPEL-2026-efc00c94b6 Packages in this update:

• chromium-146.0.7680.177-1.el10_3

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-3a9536df40 Packages in this update:

• mbedtls-3.6.6-1.fc44

Update description:

Update to 3.6.6

FEDORA-2026-8c332fbf00 Packages in this update:

• mbedtls-3.6.6-1.fc43

Update description:

Update to 3.6.6

FEDORA-2026-10443c65e3 Packages in this update:

• mbedtls-3.6.6-1.fc42

Update description:

Update to 3.6.6

FEDORA-2026-7b719a7a58 Packages in this update:

• trafficserver-10.1.2-1.fc43

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

FEDORA-2026-7839a46d9d Packages in this update:

• trafficserver-10.1.2-1.fc44

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

FEDORA-2026-a157bd84c4 Packages in this update:

• trafficserver-10.1.2-1.fc42

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

FEDORA-EPEL-2026-7d17b6d554 Packages in this update:

• trafficserver-9.2.13-1.el9

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 9.2.13 #12834 - Make 9.2.x buildable on macOS 26 #12909 - Updating make/configure for hdrrwr lib includes #13038 - 9.2.x: Fix prev_is_cr flag handling in chunked encoding parser #13039 - 9.2.x: HttpSM - make sure we have a valid buffer to write on.

FEDORA-EPEL-2026-ec5df302a7 Packages in this update:

• trafficserver-9.2.13-1.el8

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 9.2.13 #12834 - Make 9.2.x buildable on macOS 26 #12909 - Updating make/configure for hdrrwr lib includes #13038 - 9.2.x: Fix prev_is_cr flag handling in chunked encoding parser #13039 - 9.2.x: HttpSM - make sure we have a valid buffer to write on.

FEDORA-2026-95ee0edcd5 Packages in this update:

• corosync-3.1.9-4.fc42

Update description:

Security fix for CVE-2026-35091 and CVE-2026-35092

FEDORA-2026-ee4ff58256 Packages in this update:

• corosync-3.1.10-2.fc43

Update description:

Security fix for CVE-2026-35091 and CVE-2026-35092

FEDORA-2026-e34a334e81 Packages in this update:

• corosync-3.1.10-5.fc44

Update description:

Security fix for CVE-2026-35091 and CVE-2026-35092

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - UDF file system; - NFC subsystem; - Network traffic control; (CVE-2024-46777, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074)