Aggregator

USN-8087-2: python-cryptography regression

3 days 18 hours ago
USN-8087-1 fixed a vulnerability in python-cryptography. The update caused a regression when using ECC algorithms with certain software. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys.

freerdp-3.24.0-1.fc42

3 days 20 hours ago
FEDORA-2026-aae50dc427

Packages in this update:
  • freerdp-3.24.0-1.fc42
Update description:

Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776, CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)

freerdp-3.24.0-1.fc43

3 days 20 hours ago
FEDORA-2026-34886abfad

Packages in this update:
  • freerdp-3.24.0-1.fc43
Update description:

Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776, CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)

freerdp-3.24.0-1.fc44

3 days 20 hours ago
FEDORA-2026-2c1ab5b23b

Packages in this update:
  • freerdp-3.24.0-1.fc44
Update description:

Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776, CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)

freerdp-3.24.0-1.fc45

3 days 20 hours ago
FEDORA-2026-bf4c5bb9c5

Packages in this update:
  • freerdp-3.24.0-1.fc45
Update description:

Automatic update for freerdp-3.24.0-1.fc45.

Changelog

* Mon Mar 16 2026 Ondrej Holy <oholy@redhat.com> - 2:3.24.0-1
- Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776, CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)
  Resolves: rhbz#2447295, rhbz#2447393, rhbz#2447412, rhbz#2447415
  Resolves: rhbz#2447417, rhbz#2447419, rhbz#2447423, rhbz#2447428
  Resolves: rhbz#2447431

chromium-146.0.7680.71-1.el9

4 days 20 hours ago
FEDORA-EPEL-2026-4346a0ff32

Packages in this update:
  • chromium-146.0.7680.71-1.el9
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

chromium-146.0.7680.71-1.el10_1

5 days 20 hours ago
FEDORA-EPEL-2026-9209f91f93

Packages in this update:
  • chromium-146.0.7680.71-1.el10_1
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

chromium-146.0.7680.71-1.fc42

5 days 20 hours ago
FEDORA-2026-e71e71d1fe

Packages in this update:
  • chromium-146.0.7680.71-1.fc42
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

systemd-258.7-1.fc43

6 days 5 hours ago
FEDORA-2026-0e8eeb6a8a

Packages in this update:
  • systemd-258.7-1.fc43
Update description:
  • A bunch of bugfixes
  • More sanitization for invalid values received from hardware and firmware

systemd-259.5-1.fc44

6 days 5 hours ago
FEDORA-2026-67f57405ee

Packages in this update:
  • systemd-259.5-1.fc44
Update description:

More bugfixes.

  • A bunch of bugfixes
  • More sanitization for invalid values received from hardware and firmware

scitokens-cpp-1.4.1-1.el10_3

6 days 8 hours ago
FEDORA-EPEL-2026-292969a0ee

Packages in this update:
  • scitokens-cpp-1.4.1-1.el10_3
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el10_1

6 days 8 hours ago
FEDORA-EPEL-2026-5e624b43af

Packages in this update:
  • scitokens-cpp-1.4.1-1.el10_1
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el8

6 days 8 hours ago
FEDORA-EPEL-2026-179159d77f

Packages in this update:
  • scitokens-cpp-1.4.1-1.el8
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks