Aggregator

libcgif-0.5.3-1.fc43

4 days 21 hours ago
FEDORA-2026-1a9f019f60
Packages in this update:
  • libcgif-0.5.3-1.fc43
Update description:

Version 0.5.3

  • Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow (CVE-2026-4985)

libcgif-0.5.3-1.fc42

4 days 21 hours ago
FEDORA-2026-7716e480cb
Packages in this update:
  • libcgif-0.5.3-1.fc42
Update description:

Version 0.5.3

  • Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow (CVE-2026-4985)

libcap-2.77-3.fc44

4 days 21 hours ago
FEDORA-2026-8de97987a6
Packages in this update:
  • libcap-2.77-3.fc44
Update description:

Version 0.5.3

  • Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow

USN-8089-2: Go Networking vulnerabilities

5 days 9 hours ago
USN-8089-1 fixed vulnerabilities in Go Networking. This update provides the corresponding update to code vendored in golang-golang-x-net-dev.

Original advisory details:

  • Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-27664)
  • Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted stream could cause excessive CPU usage in Go Networking's HPACK decoder. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-41723)
  • Mohammad Thoriq Aziz discovered that Go Networking did not properly sanitize some text nodes. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)
  • Sean Ng discovered an error in Go Networking's HTML tag handling. An attacker could possibly use this to cause a denial of service. (CVE-2025-22872)
  • Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML document could exhaust system resources on servers using Go Networking. An attacker could possibly use this to cause a denial of service. (CVE-2025-47911)
  • Guido Vranken discovered that a maliciously crafted HTML document could put servers using Go Networking into an infinite loop. An attacker could possibly use this to cause a denial of service. (CVE-2025-58190)

cef-146.0.9^chromium146.0.7680.164-1.fc42

5 days 13 hours ago
FEDORA-2026-6188cc51be
Packages in this update:
  • cef-146.0.9^chromium146.0.7680.164-1.fc42
Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

  • High CVE-2026-4673: Heap buffer overflow in WebAudio
  • High CVE-2026-4674: Out of bounds read in CSS
  • High CVE-2026-4675: Heap buffer overflow in WebGL
  • High CVE-2026-4676: Use after free in Dawn
  • High CVE-2026-4677: Out of bounds read in WebAudio
  • High CVE-2026-4678: Use after free in WebGPU
  • High CVE-2026-4679: Integer overflow in Fonts
  • High CVE-2026-4680: Use after free in FedCM
  • CVE-2026-4439: Out of bounds memory access in WebGL
  • CVE-2026-4440: Out of bounds read and write in WebGL
  • CVE-2026-4441: Use after free in Base
  • CVE-2026-4442: Heap buffer overflow in CSS
  • CVE-2026-4443: Heap buffer overflow in WebAudio
  • CVE-2026-4444: Stack buffer overflow in WebRTC
  • CVE-2026-4445: Use after free in WebRTC
  • CVE-2026-4446: Use after free in WebRTC
  • CVE-2026-4447: Inappropriate implementation in V8
  • CVE-2026-4448: Heap buffer overflow in ANGLE
  • CVE-2026-4449: Use after free in Blink
  • CVE-2026-4450: Out of bounds write in V8
  • CVE-2026-4451: Insufficient validation of untrusted input in Navigation
  • CVE-2026-4452: Integer overflow in ANGLE
  • CVE-2026-4453: Integer overflow in Dawn
  • CVE-2026-4454: Use after free in Network
  • CVE-2026-4455: Heap buffer overflow in PDFium
  • CVE-2026-4456: Use after free in Digital Credentials API
  • CVE-2026-4457: Type Confusion in V8
  • CVE-2026-4458: Use after free in Extensions
  • CVE-2026-4459: Out of bounds read and write in WebAudio
  • CVE-2026-4460: Out of bounds read in Skia
  • CVE-2026-4461: Inappropriate implementation in V8
  • CVE-2026-4462: Out of bounds read in Blink
  • CVE-2026-4463: Heap buffer overflow in WebRTC
  • CVE-2026-4464: Integer overflow in ANGLE
  • CVE-2026-3909: Out of bounds write in Skia
  • CVE-2026-3910: Inappropriate implementation in V8
  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

python-pydicom-3.0.2-1.fc42

5 days 13 hours ago
FEDORA-2026-f89e555af4
Packages in this update:
  • python-pydicom-3.0.2-1.fc42
Update description:

Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.

cef-146.0.9^chromium146.0.7680.164-1.fc43

5 days 14 hours ago
FEDORA-2026-a67eba175f
Packages in this update:
  • cef-146.0.9^chromium146.0.7680.164-1.fc43
Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

  • High CVE-2026-4673: Heap buffer overflow in WebAudio
  • High CVE-2026-4674: Out of bounds read in CSS
  • High CVE-2026-4675: Heap buffer overflow in WebGL
  • High CVE-2026-4676: Use after free in Dawn
  • High CVE-2026-4677: Out of bounds read in WebAudio
  • High CVE-2026-4678: Use after free in WebGPU
  • High CVE-2026-4679: Integer overflow in Fonts
  • High CVE-2026-4680: Use after free in FedCM
  • CVE-2026-4439: Out of bounds memory access in WebGL
  • CVE-2026-4440: Out of bounds read and write in WebGL
  • CVE-2026-4441: Use after free in Base
  • CVE-2026-4442: Heap buffer overflow in CSS
  • CVE-2026-4443: Heap buffer overflow in WebAudio
  • CVE-2026-4444: Stack buffer overflow in WebRTC
  • CVE-2026-4445: Use after free in WebRTC
  • CVE-2026-4446: Use after free in WebRTC
  • CVE-2026-4447: Inappropriate implementation in V8
  • CVE-2026-4448: Heap buffer overflow in ANGLE
  • CVE-2026-4449: Use after free in Blink
  • CVE-2026-4450: Out of bounds write in V8
  • CVE-2026-4451: Insufficient validation of untrusted input in Navigation
  • CVE-2026-4452: Integer overflow in ANGLE
  • CVE-2026-4453: Integer overflow in Dawn
  • CVE-2026-4454: Use after free in Network
  • CVE-2026-4455: Heap buffer overflow in PDFium
  • CVE-2026-4456: Use after free in Digital Credentials API
  • CVE-2026-4457: Type Confusion in V8
  • CVE-2026-4458: Use after free in Extensions
  • CVE-2026-4459: Out of bounds read and write in WebAudio
  • CVE-2026-4460: Out of bounds read in Skia
  • CVE-2026-4461: Inappropriate implementation in V8
  • CVE-2026-4462: Out of bounds read in Blink
  • CVE-2026-4463: Heap buffer overflow in WebRTC
  • CVE-2026-4464: Integer overflow in ANGLE
  • CVE-2026-3909: Out of bounds write in Skia
  • CVE-2026-3910: Inappropriate implementation in V8
  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

cef-146.0.9^chromium146.0.7680.164-1.fc44

5 days 14 hours ago
FEDORA-2026-1d6da76bba
Packages in this update:
  • cef-146.0.9^chromium146.0.7680.164-1.fc44
Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

  • High CVE-2026-4673: Heap buffer overflow in WebAudio
  • High CVE-2026-4674: Out of bounds read in CSS
  • High CVE-2026-4675: Heap buffer overflow in WebGL
  • High CVE-2026-4676: Use after free in Dawn
  • High CVE-2026-4677: Out of bounds read in WebAudio
  • High CVE-2026-4678: Use after free in WebGPU
  • High CVE-2026-4679: Integer overflow in Fonts
  • High CVE-2026-4680: Use after free in FedCM
  • CVE-2026-4439: Out of bounds memory access in WebGL
  • CVE-2026-4440: Out of bounds read and write in WebGL
  • CVE-2026-4441: Use after free in Base
  • CVE-2026-4442: Heap buffer overflow in CSS
  • CVE-2026-4443: Heap buffer overflow in WebAudio
  • CVE-2026-4444: Stack buffer overflow in WebRTC
  • CVE-2026-4445: Use after free in WebRTC
  • CVE-2026-4446: Use after free in WebRTC
  • CVE-2026-4447: Inappropriate implementation in V8
  • CVE-2026-4448: Heap buffer overflow in ANGLE
  • CVE-2026-4449: Use after free in Blink
  • CVE-2026-4450: Out of bounds write in V8
  • CVE-2026-4451: Insufficient validation of untrusted input in Navigation
  • CVE-2026-4452: Integer overflow in ANGLE
  • CVE-2026-4453: Integer overflow in Dawn
  • CVE-2026-4454: Use after free in Network
  • CVE-2026-4455: Heap buffer overflow in PDFium
  • CVE-2026-4456: Use after free in Digital Credentials API
  • CVE-2026-4457: Type Confusion in V8
  • CVE-2026-4458: Use after free in Extensions
  • CVE-2026-4459: Out of bounds read and write in WebAudio
  • CVE-2026-4460: Out of bounds read in Skia
  • CVE-2026-4461: Inappropriate implementation in V8
  • CVE-2026-4462: Out of bounds read in Blink
  • CVE-2026-4463: Heap buffer overflow in WebRTC
  • CVE-2026-4464: Integer overflow in ANGLE
  • CVE-2026-3909: Out of bounds write in Skia
  • CVE-2026-3910: Inappropriate implementation in V8
  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

USN-8136-1: Dovecot vulnerabilities

5 days 17 hours ago
  • It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-59028)
  • It was discovered that the Dovecot script decode2text.sh incorrectly handled zip files. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-59031)
  • It was discovered that Dovecot incorrectly handled certain AUTHENTICATE requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-59032)
  • It was discovered that Dovecot incorrectly handled certain SQL-based authentication. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 25.10. (CVE-2026-24031)
  • It was discovered that Dovecot incorrectly handled certain LDAP-based authentication. An attacker could possibly use this issue to bypass restrictions and allow probing of LDAP structure. This issue only affected Ubuntu 25.10. (CVE-2026-27860)
  • It was discovered that Dovecot is vulnerable to a replay attack under certain conditions. An attacker could possibly use this issue to bypass authentication. (CVE-2026-27855)
  • It was discovered that Dovecot is vulnerable to a timing attack under certain conditions. An attacker could possibly use this issue to bypass authentication. (CVE-2026-27856)
  • It was discovered that Dovecot incorrectly handled certain IMAP login requests. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27857)
  • It was discovered that Dovecot incorrectly handled certain specially crafted messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27858)
  • It was discovered that Dovecot incorrectly handled certain specially crafted mail messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-27859)
  • It was discovered that Dovecot incorrectly handles file paths. An attacker could possibly use this issue to perform a path traversal and obtain or modify arbitrary files. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-0394)