Fedora Security Advisories

erlang-26.2.5.21-4.fc43

3 hours 19 minutes ago
FEDORA-2026-965be97ac0 Packages in this update:
  • erlang-26.2.5.21-4.fc43
Update description:

Backport fixes for CVE-2026-48858 (ftp SSRF), CVE-2026-49759 (SCTP DoS), CVE-2026-48860 (dist-over-TLS auth bypass), CVE-2026-54886 (ssh SFTP DoS), CVE-2026-54891 (TLS handshake data injection), and CVE-2026-55952 (TLS 1.3 session ticket DoS). These are fixed upstream in OTP 27.x (rawhide/f45); backported here to the OTP 26.x line.

erlang-26.2.5.21-4.fc44

3 hours 19 minutes ago
FEDORA-2026-dcf80dc1ff Packages in this update:
  • erlang-26.2.5.21-4.fc44
Update description:

Backport fixes for CVE-2026-48858 (ftp SSRF), CVE-2026-49759 (SCTP DoS), CVE-2026-48860 (dist-over-TLS auth bypass), CVE-2026-54886 (ssh SFTP DoS), CVE-2026-54891 (TLS handshake data injection), and CVE-2026-55952 (TLS 1.3 session ticket DoS). These are fixed upstream in OTP 27.x (rawhide/f45); backported here to the OTP 26.x line.

c-ares-1.34.8-1.fc43

5 hours 11 minutes ago
FEDORA-2026-d70d93fcd7 Packages in this update:
  • c-ares-1.34.8-1.fc43
Update description:

1.34.7 accidentally broke the API compatibility, this is fixed in 1.34.8.

  • update to 1.34.7
  • fixes CVE-2026-33630 (GHSA-6wfj-rwm7-3542) and GHSA-pjmc-gx33-gc76 and GHSA-jv8r-gqr9-68wj

p11-kit-0.26.4-1.fc43

6 hours 40 minutes ago
FEDORA-2026-566791181a Packages in this update:
  • p11-kit-0.26.4-1.fc43
Update description:
  • server: fixed stack exhaustion via unbounded recursion in RPC attribute parsing by enforcing a recursion depth limit (CVE-2026-13757)
  • fixed confusing error message when trying to store an existing cert with trust anchor
  • fixed assert when parsing p11-kit files with value (")
  • fixed numerous memory management issues
  • Build and test fixes
  • Updated translations

p11-kit-0.26.4-1.fc44

6 hours 41 minutes ago
FEDORA-2026-695fd36daa Packages in this update:
  • p11-kit-0.26.4-1.fc44
Update description:
  • server: fixed stack exhaustion via unbounded recursion in RPC attribute parsing by enforcing a recursion depth limit (CVE-2026-13757)
  • fixed confusing error message when trying to store an existing cert with trust anchor
  • fixed assert when parsing p11-kit files with value (")
  • fixed numerous memory management issues
  • Build and test fixes
  • Updated translations

webkitgtk-2.52.5-1.fc44

7 hours 34 minutes ago
FEDORA-2026-3bc4b3ccb3 Packages in this update:
  • webkitgtk-2.52.5-1.fc44
Update description:
  • Fire scrollend event for instant programmatic scrolls.
  • Increase network idle connection timeout to 115 seconds.
  • Fix several crashes and rendering issues.
  • Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676, CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712, CVE-2026-43713, CVE-2026-43715, CVE-2026-43716, CVE-2026-43720, CVE-2026-43721, CVE-2026-43725, CVE-2026-43726, CVE-2026-43727, CVE-2026-43731, CVE-2026-43732, CVE-2026-43734, CVE-2026-43740, CVE-2026-43742, CVE-2026-43745

webkitgtk-2.52.5-1.fc43

7 hours 34 minutes ago
FEDORA-2026-ec8e535c6e Packages in this update:
  • webkitgtk-2.52.5-1.fc43
Update description:
  • Fire scrollend event for instant programmatic scrolls.
  • Increase network idle connection timeout to 115 seconds.
  • Fix several crashes and rendering issues.
  • Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676, CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712, CVE-2026-43713, CVE-2026-43715, CVE-2026-43716, CVE-2026-43720, CVE-2026-43721, CVE-2026-43725, CVE-2026-43726, CVE-2026-43727, CVE-2026-43731, CVE-2026-43732, CVE-2026-43734, CVE-2026-43740, CVE-2026-43742, CVE-2026-43745

sssd-2.13.1-3.fc45

9 hours 15 minutes ago
FEDORA-2026-8fad0036a5 Packages in this update:
  • sssd-2.13.1-3.fc45
Update description:

Automatic update for sssd-2.13.1-3.fc45.

Changelog * Wed Jul 8 2026 Sumit Bose <sbose@redhat.com> - 2.13.1-3 - CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass - rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation

python-idna-3.18-1.fc44

10 hours 15 minutes ago
FEDORA-2026-822c07add4 Packages in this update:
  • python-idna-3.18-1.fc44
Update description:

Update to the latest version to bring fixes for CVE-2026-45409 and CVE-2024-3651 into the stable releases.

python-idna-3.18-1.fc43

10 hours 15 minutes ago
FEDORA-2026-6215e65f6c Packages in this update:
  • python-idna-3.18-1.fc43
Update description:

Update to the latest version to bring fixes for CVE-2026-45409 and CVE-2024-3651 into the stable releases.

chromium-150.0.7871.114-1.el10_2

12 hours 5 minutes ago
FEDORA-EPEL-2026-4f9779f295 Packages in this update:
  • chromium-150.0.7871.114-1.el10_2
Update description:

Update to 150.0.7871.114

* CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation

chromium-150.0.7871.114-1.fc44

12 hours 5 minutes ago
FEDORA-2026-7e82bf89f4 Packages in this update:
  • chromium-150.0.7871.114-1.fc44
Update description:

Update to 150.0.7871.114

* CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation
Checked
27 minutes 14 seconds ago