3 days 17 hours ago
FEDORA-2026-4d42fffb2b
Packages in this update:
- chromium-146.0.7680.164-1.fc44
Update description:
Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
3 days 17 hours ago
FEDORA-2026-ad5b2b6b68
Packages in this update:
- chromium-146.0.7680.164-1.fc43
Update description:
Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
3 days 22 hours ago
3 days 22 hours ago
4 days 4 hours ago
4 days 4 hours ago
4 days 4 hours ago
4 days 5 hours ago
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)
Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)
Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP messages. A remote attacker could possibly
use this issue to cause PJSIP to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1000098,
CVE-2018-1000099)
Lauri Vänskä discovered that PJSIP did not verify hostnames when reusing
TLS connections. If a remote attacker were able to intercept communication,
this flaw could possibly be exploited to view sensitive information.
(CVE-2020-15260)
It was discovered that PJSIP did not properly handle certain sequences of
SDP messages. A remote attacker could possibly use this issue to cause
PJSIP to crash, resulting in a denial of service. (CVE-2021-21375)
It was discovered that the SSL socket implementation in PJSIP contained a
race condition. A remote attacker could possibly use this issue to cause
PJSIP to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 18.04 LTS. (CVE-2021-32686)
It was discovered that PJSIP did not properly parse certain STUN messages.
A remote attacker could use this issue to cause PJSIP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2021-37706)
Uriya Yavnieli discovered that PJSIP did not properly manage memory under
certain conditions. A remote attacker could use this issue to cause PJSIP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303)
It was discovered that PJSIP did not properly manage memory when processing
ICE session credentials. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-25994)
4 days 7 hours ago
FEDORA-2026-36594550b0
Packages in this update:
Update description:
Update to 2.52.0:
- Make text look like in other browsers by blending in linear color space.
- Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.
- Improved composition scheduling to avoid blocking waiting for tile painting.
- Improved performance of accelerated 2D canvas by recording operations for batched replay.
- Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread.
- Enabled dynamic MSAA for accelerated 2D canvas rendering.
- Improved text rendering performance
- Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out.
- Added support for the Audio Output Devices API.
- Added API to handle WebXR permission requests.
- Added API to query the immersive session status.
- Added initial API for web extensions.
4 days 7 hours ago
FEDORA-2026-b4d393799a
Packages in this update:
Update description:
Fix CVE-2026-33056 (tar-rs 0.4.45); Closes rhbz#2449672
4 days 8 hours ago
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
4 days 9 hours ago
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- GPIO subsystem;
- GPU drivers;
- MMC subsystem;
- BTRFS file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2022-49267,
CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)
4 days 10 hours ago
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- GPIO subsystem;
- GPU drivers;
- MMC subsystem;
- BTRFS file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2022-49267,
CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)
4 days 10 hours ago
Version:next-20260324 (linux-next)
Released:2026-03-24
4 days 10 hours ago
FEDORA-2026-d62d7fe77e
Packages in this update:
Update description:
Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672
4 days 11 hours ago
FEDORA-2026-2fc36ddefe
Packages in this update:
Update description:
Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672
4 days 13 hours ago
Seunghyun Lee discovered that Redis incorrectly handled memory during
hyperloglog operations. An attacker could use this issue to cause a denial
of service, or possibly achieve remote code execution.
4 days 13 hours ago
FEDORA-2026-e14350a7de
Packages in this update:
- rust-rustls-webpki-0.103.10-1.fc44
Update description:
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
4 days 13 hours ago
FEDORA-EPEL-2026-1460f79f2c
Packages in this update:
- rust-rustls-webpki-0.103.10-1.el10_3
Update description:
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
4 days 13 hours ago
FEDORA-EPEL-2026-860e57b32b
Packages in this update:
- rust-rustls-webpki-0.103.10-1.el10_2
Update description:
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
