Fedora Security Advisories

FEDORA-2026-885a3f8c70 Packages in this update:

• chromium-148.0.7778.167-1.fc44

Update description:

Update to 148.0.7778.167

• CVE-2026-8509: Heap buffer overflow in WebML
• CVE-2026-8510: Integer overflow in Skia
• CVE-2026-8511: Use after free in UI
• CVE-2026-8512: Use after free in FileSystem
• CVE-2026-8513: Use after free in Input
• CVE-2026-8514: Use after free in Aura
• CVE-2026-8515: Use after free in HID
• CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
• CVE-2026-8517: Object lifecycle issue in WebShare
• CVE-2026-8518: Use after free in Blink
• CVE-2026-8519: Integer overflow in ANGLE
• CVE-2026-8520: Race in Payments
• CVE-2026-8521: Use after free in Tab Groups
• CVE-2026-8522: Use after free in Downloads
• CVE-2026-8523: Use after free in Mojo
• CVE-2026-8558: Out of bounds write in Fonts
• CVE-2026-8524: Out of bounds write in WebAudio
• CVE-2026-8525: Heap buffer overflow in ANGLE
• CVE-2026-8526: Out of bounds write in WebRTC
• CVE-2026-8527: Insufficient validation of untrusted input in Downloads
• CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
• CVE-2026-8529: Heap buffer overflow in Codecs
• CVE-2026-8530: Use after free in Network
• CVE-2026-8531: Heap buffer overflow in WebML
• CVE-2026-8532: Integer overflow in XML
• CVE-2026-8533: Use after free in Accessibility
• CVE-2026-8534: Integer overflow in GPU
• CVE-2026-8535: Out of bounds read in Media
• CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
• CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
• CVE-2026-8538: Insufficient validation of untrusted input in GPU
• CVE-2026-8539: Script injection in SanitizerAPI
• CVE-2026-8540: Type Confusion in V8
• CVE-2026-8541: Out of bounds read in UI
• CVE-2026-8542: Use after free in Core
• CVE-2026-8543: Out of bounds read in FileSystem
• CVE-2026-8544: Use after free in Media
• CVE-2026-8545: Object corruption in Compositing
• CVE-2026-8546: Out of bounds read in GPU
• CVE-2026-8547: Insufficient policy enforcement in Passwords
• CVE-2026-8548: Out of bounds write in Media
• CVE-2026-8549: Use after free in Media
• CVE-2026-8550: Use after free in Google Lens
• CVE-2026-8551: Use after free in Downloads
• CVE-2026-8552: Heap buffer overflow in GPU
• CVE-2026-8553: Use after free in GPU
• CVE-2026-8554: Type Confusion in ANGLE
• CVE-2026-8555: Use after free in GTK
• CVE-2026-8556: Inappropriate implementation in ANGLE
• CVE-2026-8557: Use after free in Accessibility
• CVE-2026-8559: Integer overflow in Internationalization
• CVE-2026-8560: Heap buffer overflow in SwiftShader
• CVE-2026-8561: Incorrect security UI in Fullscreen
• CVE-2026-8562: Side-channel information leakage in Navigation
• CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
• CVE-2026-8564: Incorrect security UI in Downloads
• CVE-2026-8565: Inappropriate implementation in Downloads
• CVE-2026-8566: Insufficient policy enforcement in Payments
• CVE-2026-8567: Integer overflow in ANGLE
• CVE-2026-8568: Insufficient policy enforcement in AI
• CVE-2026-8569: Out of bounds write in Codecs
• CVE-2026-8570: Type Confusion in V8
• CVE-2026-8571: Insufficient policy enforcement in GPU
• CVE-2026-8572: Insufficient policy enforcement in Network
• CVE-2026-8573: Integer overflow in Codecs
• CVE-2026-8574: Use after free in Core
• CVE-2026-8575: Use after free in UI
• CVE-2026-8576: Inappropriate implementation in CORS
• CVE-2026-8577: Integer overflow in Fonts
• CVE-2026-8578: Out of bounds read in GPU
• CVE-2026-8579: Insufficient validation of untrusted input in Skia
• CVE-2026-8580: Use after free in Mojo
• CVE-2026-8581: Use after free in GPU
• CVE-2026-8582: Object lifecycle issue in Dawn
• CVE-2026-8583: Insufficient policy enforcement in WebXR
• CVE-2026-8584: Inappropriate implementation in Views
• CVE-2026-8585: Inappropriate implementation in Media
• CVE-2026-8586: Inappropriate implementation in Chromoting
• CVE-2026-8587: Use after free in Extensions

FEDORA-2026-f8c2552de7 Packages in this update:

• chromium-148.0.7778.167-1.fc43

Update description:

Update to 148.0.7778.167

• CVE-2026-8509: Heap buffer overflow in WebML
• CVE-2026-8510: Integer overflow in Skia
• CVE-2026-8511: Use after free in UI
• CVE-2026-8512: Use after free in FileSystem
• CVE-2026-8513: Use after free in Input
• CVE-2026-8514: Use after free in Aura
• CVE-2026-8515: Use after free in HID
• CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
• CVE-2026-8517: Object lifecycle issue in WebShare
• CVE-2026-8518: Use after free in Blink
• CVE-2026-8519: Integer overflow in ANGLE
• CVE-2026-8520: Race in Payments
• CVE-2026-8521: Use after free in Tab Groups
• CVE-2026-8522: Use after free in Downloads
• CVE-2026-8523: Use after free in Mojo
• CVE-2026-8558: Out of bounds write in Fonts
• CVE-2026-8524: Out of bounds write in WebAudio
• CVE-2026-8525: Heap buffer overflow in ANGLE
• CVE-2026-8526: Out of bounds write in WebRTC
• CVE-2026-8527: Insufficient validation of untrusted input in Downloads
• CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
• CVE-2026-8529: Heap buffer overflow in Codecs
• CVE-2026-8530: Use after free in Network
• CVE-2026-8531: Heap buffer overflow in WebML
• CVE-2026-8532: Integer overflow in XML
• CVE-2026-8533: Use after free in Accessibility
• CVE-2026-8534: Integer overflow in GPU
• CVE-2026-8535: Out of bounds read in Media
• CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
• CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
• CVE-2026-8538: Insufficient validation of untrusted input in GPU
• CVE-2026-8539: Script injection in SanitizerAPI
• CVE-2026-8540: Type Confusion in V8
• CVE-2026-8541: Out of bounds read in UI
• CVE-2026-8542: Use after free in Core
• CVE-2026-8543: Out of bounds read in FileSystem
• CVE-2026-8544: Use after free in Media
• CVE-2026-8545: Object corruption in Compositing
• CVE-2026-8546: Out of bounds read in GPU
• CVE-2026-8547: Insufficient policy enforcement in Passwords
• CVE-2026-8548: Out of bounds write in Media
• CVE-2026-8549: Use after free in Media
• CVE-2026-8550: Use after free in Google Lens
• CVE-2026-8551: Use after free in Downloads
• CVE-2026-8552: Heap buffer overflow in GPU
• CVE-2026-8553: Use after free in GPU
• CVE-2026-8554: Type Confusion in ANGLE
• CVE-2026-8555: Use after free in GTK
• CVE-2026-8556: Inappropriate implementation in ANGLE
• CVE-2026-8557: Use after free in Accessibility
• CVE-2026-8559: Integer overflow in Internationalization
• CVE-2026-8560: Heap buffer overflow in SwiftShader
• CVE-2026-8561: Incorrect security UI in Fullscreen
• CVE-2026-8562: Side-channel information leakage in Navigation
• CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
• CVE-2026-8564: Incorrect security UI in Downloads
• CVE-2026-8565: Inappropriate implementation in Downloads
• CVE-2026-8566: Insufficient policy enforcement in Payments
• CVE-2026-8567: Integer overflow in ANGLE
• CVE-2026-8568: Insufficient policy enforcement in AI
• CVE-2026-8569: Out of bounds write in Codecs
• CVE-2026-8570: Type Confusion in V8
• CVE-2026-8571: Insufficient policy enforcement in GPU
• CVE-2026-8572: Insufficient policy enforcement in Network
• CVE-2026-8573: Integer overflow in Codecs
• CVE-2026-8574: Use after free in Core
• CVE-2026-8575: Use after free in UI
• CVE-2026-8576: Inappropriate implementation in CORS
• CVE-2026-8577: Integer overflow in Fonts
• CVE-2026-8578: Out of bounds read in GPU
• CVE-2026-8579: Insufficient validation of untrusted input in Skia
• CVE-2026-8580: Use after free in Mojo
• CVE-2026-8581: Use after free in GPU
• CVE-2026-8582: Object lifecycle issue in Dawn
• CVE-2026-8583: Insufficient policy enforcement in WebXR
• CVE-2026-8584: Inappropriate implementation in Views
• CVE-2026-8585: Inappropriate implementation in Media
• CVE-2026-8586: Inappropriate implementation in Chromoting
• CVE-2026-8587: Use after free in Extensions

FEDORA-2026-6d848132ee Packages in this update:

• chromium-148.0.7778.167-1.fc42

Update description:

Update to 148.0.7778.167

• CVE-2026-8509: Heap buffer overflow in WebML
• CVE-2026-8510: Integer overflow in Skia
• CVE-2026-8511: Use after free in UI
• CVE-2026-8512: Use after free in FileSystem
• CVE-2026-8513: Use after free in Input
• CVE-2026-8514: Use after free in Aura
• CVE-2026-8515: Use after free in HID
• CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
• CVE-2026-8517: Object lifecycle issue in WebShare
• CVE-2026-8518: Use after free in Blink
• CVE-2026-8519: Integer overflow in ANGLE
• CVE-2026-8520: Race in Payments
• CVE-2026-8521: Use after free in Tab Groups
• CVE-2026-8522: Use after free in Downloads
• CVE-2026-8523: Use after free in Mojo
• CVE-2026-8558: Out of bounds write in Fonts
• CVE-2026-8524: Out of bounds write in WebAudio
• CVE-2026-8525: Heap buffer overflow in ANGLE
• CVE-2026-8526: Out of bounds write in WebRTC
• CVE-2026-8527: Insufficient validation of untrusted input in Downloads
• CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
• CVE-2026-8529: Heap buffer overflow in Codecs
• CVE-2026-8530: Use after free in Network
• CVE-2026-8531: Heap buffer overflow in WebML
• CVE-2026-8532: Integer overflow in XML
• CVE-2026-8533: Use after free in Accessibility
• CVE-2026-8534: Integer overflow in GPU
• CVE-2026-8535: Out of bounds read in Media
• CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
• CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
• CVE-2026-8538: Insufficient validation of untrusted input in GPU
• CVE-2026-8539: Script injection in SanitizerAPI
• CVE-2026-8540: Type Confusion in V8
• CVE-2026-8541: Out of bounds read in UI
• CVE-2026-8542: Use after free in Core
• CVE-2026-8543: Out of bounds read in FileSystem
• CVE-2026-8544: Use after free in Media
• CVE-2026-8545: Object corruption in Compositing
• CVE-2026-8546: Out of bounds read in GPU
• CVE-2026-8547: Insufficient policy enforcement in Passwords
• CVE-2026-8548: Out of bounds write in Media
• CVE-2026-8549: Use after free in Media
• CVE-2026-8550: Use after free in Google Lens
• CVE-2026-8551: Use after free in Downloads
• CVE-2026-8552: Heap buffer overflow in GPU
• CVE-2026-8553: Use after free in GPU
• CVE-2026-8554: Type Confusion in ANGLE
• CVE-2026-8555: Use after free in GTK
• CVE-2026-8556: Inappropriate implementation in ANGLE
• CVE-2026-8557: Use after free in Accessibility
• CVE-2026-8559: Integer overflow in Internationalization
• CVE-2026-8560: Heap buffer overflow in SwiftShader
• CVE-2026-8561: Incorrect security UI in Fullscreen
• CVE-2026-8562: Side-channel information leakage in Navigation
• CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
• CVE-2026-8564: Incorrect security UI in Downloads
• CVE-2026-8565: Inappropriate implementation in Downloads
• CVE-2026-8566: Insufficient policy enforcement in Payments
• CVE-2026-8567: Integer overflow in ANGLE
• CVE-2026-8568: Insufficient policy enforcement in AI
• CVE-2026-8569: Out of bounds write in Codecs
• CVE-2026-8570: Type Confusion in V8
• CVE-2026-8571: Insufficient policy enforcement in GPU
• CVE-2026-8572: Insufficient policy enforcement in Network
• CVE-2026-8573: Integer overflow in Codecs
• CVE-2026-8574: Use after free in Core
• CVE-2026-8575: Use after free in UI
• CVE-2026-8576: Inappropriate implementation in CORS
• CVE-2026-8577: Integer overflow in Fonts
• CVE-2026-8578: Out of bounds read in GPU
• CVE-2026-8579: Insufficient validation of untrusted input in Skia
• CVE-2026-8580: Use after free in Mojo
• CVE-2026-8581: Use after free in GPU
• CVE-2026-8582: Object lifecycle issue in Dawn
• CVE-2026-8583: Insufficient policy enforcement in WebXR
• CVE-2026-8584: Inappropriate implementation in Views
• CVE-2026-8585: Inappropriate implementation in Media
• CVE-2026-8586: Inappropriate implementation in Chromoting
• CVE-2026-8587: Use after free in Extensions

FEDORA-2026-53196fc291 Packages in this update:

• haproxy-3.0.23-1.fc44

Update description:

Upgrade to 3.0.23 (see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog)

FEDORA-2026-d790d66a08 Packages in this update:

• haproxy-3.0.23-1.fc42

Update description:

Upgrade to 3.0.23 (see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog)

FEDORA-2026-164a1e3151 Packages in this update:

• haproxy-3.0.23-1.fc43

Update description:

Upgrade to 3.0.23 (see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog)

FEDORA-2026-6dde06a6e9 Packages in this update:

• python-urllib3-2.7.0-2.fc43

Update description:

Update to 2.7.0 (rhbz#2467787)

FEDORA-2026-48989df336 Packages in this update:

• python-urllib3-2.7.0-1.fc44

Update description:

Update to 2.7.0 (rhbz#2467787)

FEDORA-2026-8b4a8d18d2 Packages in this update:

• kernel-6.19.14-104.fc42

Update description:

The 6.19.14-104 kernel update contains a fix for the keysign-pwn vulnerability CVE-2026-46333 as well as a mitigation for one more code path of fragnesia.

The 6.19.14-103 build contains an additional fix for the GRO path with fragnesia.

FEDORA-2026-2aeb7d033a Packages in this update:

• kernel-7.0.8-200.fc44

Update description:

The 7.0.8 stable kernel update contains a fix for the keysign-pwn vulnerability CVE-2026-46333 as well as a mitigation for one more code path of fragnesia.

FEDORA-2026-03be3dc34b Packages in this update:

• kernel-7.0.8-100.fc43

Update description:

The 7.0.8 stable kernel update contains a fix for the keysign-pwn vulnerability CVE-2026-46333 as well as a mitigation for one more code path of fragnesia.

FEDORA-2026-13e7efe33e Packages in this update:

• docker-compose-5.1.3-1.fc42

Update description:

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-4a5f6691bf Packages in this update:

• docker-compose-5.1.3-1.fc43

Update description:

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-9431982208 Packages in this update:

• kernel-6.19.14-103.fc42

Update description:

The 6.19.14-103 build contains an additional fix for the GRO path with fragnesia.

FEDORA-2026-223f4839fc Packages in this update:

• dotnet8.0-8.0.127-1.fc44

Update description:

Update to .NET SDK 8.0.127 and Runtime 8.0.27

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.27/8.0.127.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.27/8.0.27.md

FEDORA-2026-3e509b1444 Packages in this update:

• dotnet8.0-8.0.127-1.fc43

Update description:

Update to .NET SDK 8.0.127 and Runtime 8.0.27

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.27/8.0.127.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.27/8.0.27.md

FEDORA-2026-b1a2f623e7 Packages in this update:

• dotnet8.0-8.0.127-1.fc42

Update description:

Update to .NET SDK 8.0.127 and Runtime 8.0.27

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.27/8.0.127.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.27/8.0.27.md

FEDORA-2026-645ac72ff4 Packages in this update:

• docker-compose-5.1.3-1.fc44

Update description:

• Update to release v5.1.3
• Resolves rhbz#2458697
• Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199
• Resolves CVE-2026-33748: rhbz#2453089
• Upstream fixes

FEDORA-2026-5e5a0f9621 Packages in this update:

• kernel-7.0.7-100.fc43

Update description:

The 7.0.7 stable kernel update contains a number of important fixes across the tree. It also patches up a vulnerable codepath for fragnesia that was not in the original patches for 7.0.6

FEDORA-2026-f5bc7ff320 Packages in this update:

• docker-compose-5.1.3-1.fc45

Update description:

Automatic update for docker-compose-5.1.3-1.fc45.

Changelog * Wed Apr 15 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 5.1.3-1 - Update to release v5.1.3 - Resolves rhbz#2458697 - Resolves CVE-2026-33747: rhbz#2452188, rhbz#2452199 - Resolves CVE-2026-33748: rhbz#2453089 - Upstream fixes