Aggregator

Version:6.12.77 (longterm) Released:2026-03-13 Source:linux-6.12.77.tar.xz PGP Signature:linux-6.12.77.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.77

Version:next-20260313 (linux-next) Released:2026-03-13

FEDORA-EPEL-2026-fcc952d28d Packages in this update:

• python-ujson-5.12.0-1.el10_1

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-EPEL-2026-c1187798e7 Packages in this update:

• python-ujson-5.12.0-1.el10_2

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-1885157e34 Packages in this update:

• vim-9.2.148-1.fc42

Update description:

patchlevel 148

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

FEDORA-2026-f5d072060b Packages in this update:

• vim-9.2.148-1.fc44

Update description:

patchlevel 148

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

FEDORA-EPEL-2026-004b05bae9 Packages in this update:

• chromium-146.0.7680.71-1.el10_2

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-EPEL-2026-4ecb36d14c Packages in this update:

• chromium-146.0.7680.71-1.el10_3

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-0dc0c88f83 Packages in this update:

• chromium-146.0.7680.71-1.fc43

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-6e868c481c Packages in this update:

• chromium-146.0.7680.71-1.fc44

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-EPEL-2026-321e8e0d34 Packages in this update:

• python-ujson-5.12.0-1.el10_3

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-0f099ed388 Packages in this update:

• python-ujson-5.12.0-1.fc42

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-bf741e26e4 Packages in this update:

• python-ujson-5.12.0-1.fc43

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-5725d633ec Packages in this update:

• python-ujson-5.12.0-1.fc44

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-965f164001 Packages in this update:

• systemd-258.6-1.fc43

Update description:

• A bunch of bugfixes
• More sanitization for invalid values received from hardware and firmware

FEDORA-2026-0cde3e4697 Packages in this update:

• systemd-259.4-1.fc44

Update description:

• A bunch of bugfixes
• More sanitization for invalid values received from hardware and firmware

It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use this issue to escalate privileges.

It was discovered that the util-linux su utility did not drop capabilities when being used with the --pty option. While not a security issue by itself, a local attacker could possibly use the su tool to exploit vulnerabilities in other applications.

FEDORA-2026-cb86172c17 Packages in this update:

• python3.6-3.6.15-54.fc44

Update description:

Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11.

Security fix for CVE-2025-12084

USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497) David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984) David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)