Aggregator

FEDORA-2026-0ebdbc98c5 Packages in this update:

• mupdf-1.27.1-10.fc44

Update description:

fix CVE-2026-3308 (rhbz#2454361)

FEDORA-2026-563f85e690 Packages in this update:

• mupdf-1.27.1-10.fc45

Update description:

Automatic update for mupdf-1.27.1-10.fc45.

Changelog * Thu Apr 2 2026 Michael J Gruber <mjg@fedoraproject.org> - 1.27.1-10 - fix CVE-2026-3308 (rhbz#2454361)

Daniel Novomeský discovered that libjxl did not properly manage memory when decoding certain files. An attacker could use this issue to cause libjxl to crash, resulting in denial of service, or possibly execute arbitrary code.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-20696) It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5914) It was discovered that libarchive incorrectly handled certain WARC archive files. If a user or automated system were tricked into processing a specially crafted WARC archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5916) It was discovered that libarchive incorrectly handled certain file names when handling prefixes and suffixes. An attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5917) It was discovered that libarchive could read past the end of file streams when processing input to bsdtar. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-5918) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-25724) HyungJung Joo discovered that libarchive did not properly limit memory allocation when processing substitution rules in bsdtar. An attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. (CVE-2025-60753) Elhanan Haenel discovered that libarchive could enter an infinite loop when processing crafted RAR5 archives. An attacker could possibly use this issue to cause excessive CPU consumption, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-4111)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

FEDORA-EPEL-2026-3dc5de63cc Packages in this update:

• chromium-146.0.7680.177-1.el10_1

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-EPEL-2026-6a5f534eb8 Packages in this update:

• chromium-146.0.7680.177-1.el9

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-450ba465fd Packages in this update:

• chromium-146.0.7680.177-1.fc44

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-2b2e6a12de Packages in this update:

• chromium-146.0.7680.177-1.fc42

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-bdd01d79ba Packages in this update:

• chromium-146.0.7680.177-1.fc43

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-EPEL-2026-189ae4f7fc Packages in this update:

• chromium-146.0.7680.177-1.el10_2

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-EPEL-2026-efc00c94b6 Packages in this update:

• chromium-146.0.7680.177-1.el10_3

Update description:

Update to 146.0.7680.177

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-3a9536df40 Packages in this update:

• mbedtls-3.6.6-1.fc44

Update description:

Update to 3.6.6

FEDORA-2026-8c332fbf00 Packages in this update:

• mbedtls-3.6.6-1.fc43

Update description:

Update to 3.6.6

FEDORA-2026-10443c65e3 Packages in this update:

• mbedtls-3.6.6-1.fc42

Update description:

Update to 3.6.6

FEDORA-2026-7b719a7a58 Packages in this update:

• trafficserver-10.1.2-1.fc43

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

FEDORA-2026-7839a46d9d Packages in this update:

• trafficserver-10.1.2-1.fc44

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

FEDORA-2026-a157bd84c4 Packages in this update:

• trafficserver-10.1.2-1.fc42

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

FEDORA-EPEL-2026-7d17b6d554 Packages in this update:

• trafficserver-9.2.13-1.el9

Update description:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 9.2.13 #12834 - Make 9.2.x buildable on macOS 26 #12909 - Updating make/configure for hdrrwr lib includes #13038 - 9.2.x: Fix prev_is_cr flag handling in chunked encoding parser #13039 - 9.2.x: HttpSM - make sure we have a valid buffer to write on.