Fedora Security Advisories

chromium-146.0.7680.71-1.el10_1

Fedora Security Advisories
5 hours 17 minutes ago
FEDORA-EPEL-2026-9209f91f93 Packages in this update:
  • chromium-146.0.7680.71-1.el10_1
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

chromium-146.0.7680.71-1.fc42

Fedora Security Advisories
5 hours 17 minutes ago
FEDORA-2026-e71e71d1fe Packages in this update:
  • chromium-146.0.7680.71-1.fc42
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

systemd-258.7-1.fc43

Fedora Security Advisories
14 hours 15 minutes ago
FEDORA-2026-0e8eeb6a8a Packages in this update:
  • systemd-258.7-1.fc43
Update description:
  • A bunch of bugfixes
  • More sanitization for invalid values received from hardware and firmware

systemd-259.5-1.fc44

Fedora Security Advisories
14 hours 17 minutes ago
FEDORA-2026-67f57405ee Packages in this update:
  • systemd-259.5-1.fc44
Update description:

More bugfixes.

  • A bunch of bugfixes
  • More sanitization for invalid values received from hardware and firmware

scitokens-cpp-1.4.1-1.el10_3

Fedora Security Advisories
16 hours 52 minutes ago
FEDORA-EPEL-2026-292969a0ee Packages in this update:
  • scitokens-cpp-1.4.1-1.el10_3
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el10_1

Fedora Security Advisories
16 hours 52 minutes ago
FEDORA-EPEL-2026-5e624b43af Packages in this update:
  • scitokens-cpp-1.4.1-1.el10_1
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el8

Fedora Security Advisories
16 hours 52 minutes ago
FEDORA-EPEL-2026-179159d77f Packages in this update:
  • scitokens-cpp-1.4.1-1.el8
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.fc44

Fedora Security Advisories
16 hours 52 minutes ago
FEDORA-2026-176625c3fc Packages in this update:
  • scitokens-cpp-1.4.1-1.fc44
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.fc42

Fedora Security Advisories
16 hours 52 minutes ago
FEDORA-2026-a6d1791c49 Packages in this update:
  • scitokens-cpp-1.4.1-1.fc42
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.fc43

Fedora Security Advisories
16 hours 52 minutes ago
FEDORA-2026-52c99ecf64 Packages in this update:
  • scitokens-cpp-1.4.1-1.fc43
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el9

Fedora Security Advisories
16 hours 52 minutes ago
FEDORA-EPEL-2026-6d1034adaf Packages in this update:
  • scitokens-cpp-1.4.1-1.el9
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

python-scitokens-1.9.7-1.fc43

Fedora Security Advisories
17 hours 4 minutes ago
FEDORA-2026-727b73bfa0 Packages in this update:
  • python-scitokens-1.9.7-1.fc43
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.7-1.el9

Fedora Security Advisories
17 hours 4 minutes ago
FEDORA-EPEL-2026-f38b3ac925 Packages in this update:
  • python-scitokens-1.9.7-1.el9
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.7-1.el8

Fedora Security Advisories
17 hours 4 minutes ago
FEDORA-EPEL-2026-9aaf8075c2 Packages in this update:
  • python-scitokens-1.9.7-1.el8
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.7-1.fc42

Fedora Security Advisories
17 hours 4 minutes ago
FEDORA-2026-dec8f790f7 Packages in this update:
  • python-scitokens-1.9.7-1.fc42
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.7-1.fc44

Fedora Security Advisories
17 hours 4 minutes ago
FEDORA-2026-86ad7d8a1a Packages in this update:
  • python-scitokens-1.9.7-1.fc44
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.7-1.el10_3

Fedora Security Advisories
17 hours 4 minutes ago
FEDORA-EPEL-2026-ea5e5199eb Packages in this update:
  • python-scitokens-1.9.7-1.el10_3
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.6-1.fc44

Fedora Security Advisories
20 hours 48 minutes ago
FEDORA-2026-88c19a9021 Packages in this update:
  • python-scitokens-1.9.6-1.fc44
Update description:
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.6-1.el10_3

Fedora Security Advisories
20 hours 48 minutes ago
FEDORA-EPEL-2026-111290d799 Packages in this update:
  • python-scitokens-1.9.6-1.el10_3
Update description:
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks
Checked
44 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security