Aggregator

USN-8146-1: libjxl vulnerability

6 days 20 hours ago
Daniel Novomeský discovered that libjxl did not properly manage memory when decoding certain files. An attacker could use this issue to cause libjxl to crash, resulting in denial of service, or possibly execute arbitrary code.

USN-8149-1: Linux kernel vulnerabilities

6 days 21 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

USN-8147-1: libarchive vulnerabilities

6 days 21 hours ago
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-20696) It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5914) It was discovered that libarchive incorrectly handled certain WARC archive files. If a user or automated system were tricked into processing a specially crafted WARC archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5916) It was discovered that libarchive incorrectly handled certain file names when handling prefixes and suffixes. An attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5917) It was discovered that libarchive could read past the end of file streams when processing input to bsdtar. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-5918) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-25724) HyungJung Joo discovered that libarchive did not properly limit memory allocation when processing substitution rules in bsdtar. An attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. (CVE-2025-60753) Elhanan Haenel discovered that libarchive could enter an infinite loop when processing crafted RAR5 archives. An attacker could possibly use this issue to cause excessive CPU consumption, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-4111)

USN-8148-1: Linux kernel vulnerabilities

6 days 21 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

chromium-146.0.7680.177-1.el10_1

6 days 22 hours ago
FEDORA-EPEL-2026-3dc5de63cc Packages in this update:
  • chromium-146.0.7680.177-1.el10_1
Update description:

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

chromium-146.0.7680.177-1.el9

6 days 22 hours ago
FEDORA-EPEL-2026-6a5f534eb8 Packages in this update:
  • chromium-146.0.7680.177-1.el9
Update description:

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

chromium-146.0.7680.177-1.fc44

6 days 22 hours ago
FEDORA-2026-450ba465fd Packages in this update:
  • chromium-146.0.7680.177-1.fc44
Update description:

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

chromium-146.0.7680.177-1.fc42

6 days 22 hours ago
FEDORA-2026-2b2e6a12de Packages in this update:
  • chromium-146.0.7680.177-1.fc42
Update description:

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

chromium-146.0.7680.177-1.fc43

6 days 22 hours ago
FEDORA-2026-bdd01d79ba Packages in this update:
  • chromium-146.0.7680.177-1.fc43
Update description:

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

chromium-146.0.7680.177-1.el10_2

6 days 22 hours ago
FEDORA-EPEL-2026-189ae4f7fc Packages in this update:
  • chromium-146.0.7680.177-1.el10_2
Update description:

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

chromium-146.0.7680.177-1.el10_3

6 days 22 hours ago
FEDORA-EPEL-2026-efc00c94b6 Packages in this update:
  • chromium-146.0.7680.177-1.el10_3
Update description:

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

trafficserver-10.1.2-1.fc43

6 days 23 hours ago
FEDORA-2026-7b719a7a58 Packages in this update:
  • trafficserver-10.1.2-1.fc43
Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

trafficserver-10.1.2-1.fc44

6 days 23 hours ago
FEDORA-2026-7839a46d9d Packages in this update:
  • trafficserver-10.1.2-1.fc44
Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

trafficserver-10.1.2-1.fc42

6 days 23 hours ago
FEDORA-2026-a157bd84c4 Packages in this update:
  • trafficserver-10.1.2-1.fc42
Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

trafficserver-9.2.13-1.el9

1 week ago
FEDORA-EPEL-2026-7d17b6d554 Packages in this update:
  • trafficserver-9.2.13-1.el9
Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 9.2.13 #12834 - Make 9.2.x buildable on macOS 26 #12909 - Updating make/configure for hdrrwr lib includes #13038 - 9.2.x: Fix prev_is_cr flag handling in chunked encoding parser #13039 - 9.2.x: HttpSM - make sure we have a valid buffer to write on.