Aggregator

FEDORA-2026-a67eba175f Packages in this update:

• cef-146.0.9^chromium146.0.7680.164-1.fc43

Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

• High CVE-2026-4673: Heap buffer overflow in WebAudio
• High CVE-2026-4674: Out of bounds read in CSS
• High CVE-2026-4675: Heap buffer overflow in WebGL
• High CVE-2026-4676: Use after free in Dawn
• High CVE-2026-4677: Out of bounds read in WebAudio
• High CVE-2026-4678: Use after free in WebGPU
• High CVE-2026-4679: Integer overflow in Fonts
• High CVE-2026-4680: Use after free in FedCM
• CVE-2026-4439: Out of bounds memory access in WebGL
• CVE-2026-4440: Out of bounds read and write in WebGL
• CVE-2026-4441: Use after free in Base
• CVE-2026-4442: Heap buffer overflow in CSS
• CVE-2026-4443: Heap buffer overflow in WebAudio
• CVE-2026-4444: Stack buffer overflow in WebRTC
• CVE-2026-4445: Use after free in WebRTC
• CVE-2026-4446: Use after free in WebRTC
• CVE-2026-4447: Inappropriate implementation in V8
• CVE-2026-4448: Heap buffer overflow in ANGLE
• CVE-2026-4449: Use after free in Blink
• CVE-2026-4450: Out of bounds write in V8
• CVE-2026-4451: Insufficient validation of untrusted input in Navigation
• CVE-2026-4452: Integer overflow in ANGLE
• CVE-2026-4453: Integer overflow in Dawn
• CVE-2026-4454: Use after free in Network
• CVE-2026-4455: Heap buffer overflow in PDFium
• CVE-2026-4456: Use after free in Digital Credentials API
• CVE-2026-4457: Type Confusion in V8
• CVE-2026-4458: Use after free in Extensions
• CVE-2026-4459: Out of bounds read and write in WebAudio
• CVE-2026-4460: Out of bounds read in Skia
• CVE-2026-4461: Inappropriate implementation in V8
• CVE-2026-4462: Out of bounds read in Blink
• CVE-2026-4463: Heap buffer overflow in WebRTC
• CVE-2026-4464: Integer overflow in ANGLE
• CVE-2026-3909: Out of bounds write in Ski
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3918: Use after free in WebMCP
• CVE-2026-3919: Use after free in Extensions
• CVE-2026-3920: Out of bounds memory access in WebML
• CVE-2026-3921: Use after free in TextEncoding
• CVE-2026-3922: Use after free in MediaStream
• CVE-2026-3923: Use after free in WebMIDI
• CVE-2026-3924: Use after free in WindowDialog
• CVE-2026-3925: Incorrect security UI in LookalikeChecks
• CVE-2026-3926: Out of bounds read in V8
• CVE-2026-3927: Incorrect security UI in PictureInPicture
• CVE-2026-3928: Insufficient policy enforcement in Extensions
• CVE-2026-3929: Side-channel information leakage in ResourceTiming
• CVE-2026-3930: Unsafe navigation in Navigation
• CVE-2026-3931: Heap buffer overflow in Skia
• CVE-2026-3932: Insufficient policy enforcement in PDF
• CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
• CVE-2026-3935: Incorrect security UI in WebAppInstalls
• CVE-2026-3936: Use after free in WebView
• CVE-2026-3937: Incorrect security UI in Downloads
• CVE-2026-3938: Insufficient policy enforcement in Clipboard
• CVE-2026-3939: Insufficient policy enforcement in PDF
• CVE-2026-3940: Insufficient policy enforcement in DevTools
• CVE-2026-3941: Insufficient policy enforcement in DevTools
• CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-1d6da76bba Packages in this update:

• cef-146.0.9^chromium146.0.7680.164-1.fc44

Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

• High CVE-2026-4673: Heap buffer overflow in WebAudio
• High CVE-2026-4674: Out of bounds read in CSS
• High CVE-2026-4675: Heap buffer overflow in WebGL
• High CVE-2026-4676: Use after free in Dawn
• High CVE-2026-4677: Out of bounds read in WebAudio
• High CVE-2026-4678: Use after free in WebGPU
• High CVE-2026-4679: Integer overflow in Fonts
• High CVE-2026-4680: Use after free in FedCM
• CVE-2026-4439: Out of bounds memory access in WebGL
• CVE-2026-4440: Out of bounds read and write in WebGL
• CVE-2026-4441: Use after free in Base
• CVE-2026-4442: Heap buffer overflow in CSS
• CVE-2026-4443: Heap buffer overflow in WebAudio
• CVE-2026-4444: Stack buffer overflow in WebRTC
• CVE-2026-4445: Use after free in WebRTC
• CVE-2026-4446: Use after free in WebRTC
• CVE-2026-4447: Inappropriate implementation in V8
• CVE-2026-4448: Heap buffer overflow in ANGLE
• CVE-2026-4449: Use after free in Blink
• CVE-2026-4450: Out of bounds write in V8
• CVE-2026-4451: Insufficient validation of untrusted input in Navigation
• CVE-2026-4452: Integer overflow in ANGLE
• CVE-2026-4453: Integer overflow in Dawn
• CVE-2026-4454: Use after free in Network
• CVE-2026-4455: Heap buffer overflow in PDFium
• CVE-2026-4456: Use after free in Digital Credentials API
• CVE-2026-4457: Type Confusion in V8
• CVE-2026-4458: Use after free in Extensions
• CVE-2026-4459: Out of bounds read and write in WebAudio
• CVE-2026-4460: Out of bounds read in Skia
• CVE-2026-4461: Inappropriate implementation in V8
• CVE-2026-4462: Out of bounds read in Blink
• CVE-2026-4463: Heap buffer overflow in WebRTC
• CVE-2026-4464: Integer overflow in ANGLE
• CVE-2026-3909: Out of bounds write in Ski
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3918: Use after free in WebMCP
• CVE-2026-3919: Use after free in Extensions
• CVE-2026-3920: Out of bounds memory access in WebML
• CVE-2026-3921: Use after free in TextEncoding
• CVE-2026-3922: Use after free in MediaStream
• CVE-2026-3923: Use after free in WebMIDI
• CVE-2026-3924: Use after free in WindowDialog
• CVE-2026-3925: Incorrect security UI in LookalikeChecks
• CVE-2026-3926: Out of bounds read in V8
• CVE-2026-3927: Incorrect security UI in PictureInPicture
• CVE-2026-3928: Insufficient policy enforcement in Extensions
• CVE-2026-3929: Side-channel information leakage in ResourceTiming
• CVE-2026-3930: Unsafe navigation in Navigation
• CVE-2026-3931: Heap buffer overflow in Skia
• CVE-2026-3932: Insufficient policy enforcement in PDF
• CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
• CVE-2026-3935: Incorrect security UI in WebAppInstalls
• CVE-2026-3936: Use after free in WebView
• CVE-2026-3937: Incorrect security UI in Downloads
• CVE-2026-3938: Insufficient policy enforcement in Clipboard
• CVE-2026-3939: Insufficient policy enforcement in PDF
• CVE-2026-3940: Insufficient policy enforcement in DevTools
• CVE-2026-3941: Insufficient policy enforcement in DevTools
• CVE-2026-3942: Incorrect security UI in PictureInPicture

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-59028) It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-59031) It was discovered that Dovecot incorrectly handled certain AUTHENTICATE requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-59032) It was discovered that Dovecot incorrectly handled certain SQL based authentication. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 25.10. (CVE-2026-24031) It was discovered that Dovecot incorrectly handled certain LDAP based authentication. An attacker could possibly use this issue to bypass restrictions and allow probing of LDAP structure. This issue only affected Ubuntu 25.10. (CVE-2026-27860) It was discovered that Dovecot is vulnerable to replay attack under certain conditions. An attacker could possibly use this issue to bypass authentication. (CVE-2026-27855) It was discovered that Dovecot is vulnerable to a timing attack under certain conditions. An attacker could possibly use this issue to bypass authentication. (CVE-2026-27856) It was discovered that Dovecot incorrectly handled certain IMAP login requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27857) It was discovered that Dovecot incorrectly handled certain specially crafted messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27858) It was discovered that Dovecot incorrectly handled certain specially crafted mail messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27859) It was discovered that Dovecot incorrectly handles file paths. A attacker could possibly use this issue to perform a path traversal and obtain or modify arbitrary files. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-0394)

FEDORA-2026-58dd426edd Packages in this update:

• perl-5.40.4-520.fc42
• perl-Devel-Cover-1.44-7.fc42
• perl-PAR-Packer-1.064-3.fc42
• polymake-4.15-3.fc42

Update description:

Update for Perl 5.40.4

FEDORA-2026-a9e11de877 Packages in this update:

• libcgif-0.5.2-2.fc44

Update description:

fix potential undefined behavior in cgif_addframe CVE-2026-4985

FEDORA-2026-a526fda5ec Packages in this update:

• libcgif-0.5.2-2.fc43

Update description:

fix potential undefined behavior in cgif_addframe CVE-2026-4985

FEDORA-2026-7c2a9830d7 Packages in this update:

• libcgif-0.5.2-2.fc42

Update description:

fix potential undefined behavior in cgif_addframe CVE-2026-4985

It was discovered that the Ruby URI gem did not properly handle sensitive information when combining URIs. A remote attacker could possibly use this issue to leak authentication credentials.

FEDORA-2026-f5c971af6c Packages in this update:

• python-pydicom-3.0.2-1.fc43

Update description:

Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.

FEDORA-2026-9eecdef4e0 Packages in this update:

• python-pydicom-3.0.2-1.fc44

Update description:

Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.

FEDORA-2026-6d293b6889 Packages in this update:

• roundcubemail-1.7~rc6-1.fc44

Update description:

Version 1.7-rc6

This is hopefully the last release candidate for the next major version 1.7 of Roundcube Webmail. It provides a fix to recently reported security vulnerability:

• SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

We believe it is production ready, but we recommend to test it on a separate environment.

Migrate existing configs with either the installto.sh or the update.sh scripts.

And don't forget to backup your data before installing it!

CHANGELOG

• Added support for arrays in smtp_user and smtp_pass config options (#10083)
• Added system health checker CLI script (#10106)
• Stricter recognition of an Ajax request (#10118)
• Password: Added Stalwart driver (#10114)
• Fix regression where some data url images could get ignored/lost (#10128)
• Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

FEDORA-EPEL-2026-646aebe990 Packages in this update:

• roundcubemail-1.6.15-1.el10_2

Update description:

Version 1.6.15

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:

• SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

CHANGELOG

• Fix regression where mail search would fail on non-ascii search criteria (#10121)
• Fix regression where some data url images could get ignored/lost (#10128)
• Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

FEDORA-2026-051825ca18 Packages in this update:

• roundcubemail-1.6.15-1.fc42

Update description:

Version 1.6.15

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:

• SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

CHANGELOG

• Fix regression where mail search would fail on non-ascii search criteria (#10121)
• Fix regression where some data url images could get ignored/lost (#10128)
• Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

FEDORA-EPEL-2026-82b702d826 Packages in this update:

• roundcubemail-1.6.15-1.el10_1

Update description:

Version 1.6.15

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:

• SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

CHANGELOG

• Fix regression where mail search would fail on non-ascii search criteria (#10121)
• Fix regression where some data url images could get ignored/lost (#10128)
• Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

FEDORA-EPEL-2026-f7a0d90857 Packages in this update:

• roundcubemail-1.6.15-1.el10_3

Update description:

Version 1.6.15

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:

• SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

CHANGELOG

• Fix regression where mail search would fail on non-ascii search criteria (#10121)
• Fix regression where some data url images could get ignored/lost (#10128)
• Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

FEDORA-2026-8ba1a085a9 Packages in this update:

• roundcubemail-1.6.15-1.fc43

Update description:

Version 1.6.15

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:

• SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!

CHANGELOG

• Fix regression where mail search would fail on non-ascii search criteria (#10121)
• Fix regression where some data url images could get ignored/lost (#10128)
• Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

FEDORA-EPEL-2026-bf73d904ba Packages in this update:

• roundcubemail-1.5.15-1.el9

Update description:

Version 1.5.15

This is a security update to the stable version 1.5 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:

• SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive installations of Roundcube 1.5.x with it. Please do backup your data before updating!

CHANGELOG

• Fix so distribution packages (and composer.json) don't include development dependencies
• Fix regression where mail search would fail on non-ascii search criteria (#10121)
• Fix regression where some data url images could get ignored/lost (#10128)
• Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

It was discovered that Pillow did not correctly handle reading J2K files, which could lead to an out-of-bounds read vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-25287, CVE-2021-25288) It was discovered that Pillow did not correctly handle certain integer arithmetic, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-25290) It was discovered that Pillow did not correctly perform bounds checking for certain operations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-28675, CVE-2021-28676, CVE-2021-28677) It was discovered that Pillow did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-44271) It was discovered that Pillow did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2023-50447)