Fedora Security Advisories

FEDORA-2026-1885157e34 Packages in this update:

• vim-9.2.148-1.fc42

Update description:

patchlevel 148

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

FEDORA-2026-f5d072060b Packages in this update:

• vim-9.2.148-1.fc44

Update description:

patchlevel 148

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422

FEDORA-EPEL-2026-004b05bae9 Packages in this update:

• chromium-146.0.7680.71-1.el10_2

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-EPEL-2026-4ecb36d14c Packages in this update:

• chromium-146.0.7680.71-1.el10_3

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-0dc0c88f83 Packages in this update:

• chromium-146.0.7680.71-1.fc43

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-6e868c481c Packages in this update:

• chromium-146.0.7680.71-1.fc44

Update description:

Update to 146.0.7680.71

* CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-EPEL-2026-321e8e0d34 Packages in this update:

• python-ujson-5.12.0-1.el10_3

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-0f099ed388 Packages in this update:

• python-ujson-5.12.0-1.fc42

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-bf741e26e4 Packages in this update:

• python-ujson-5.12.0-1.fc43

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-5725d633ec Packages in this update:

• python-ujson-5.12.0-1.fc44

Update description:

Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling.

FEDORA-2026-965f164001 Packages in this update:

• systemd-258.6-1.fc43

Update description:

• A bunch of bugfixes
• More sanitization for invalid values received from hardware and firmware

FEDORA-2026-0cde3e4697 Packages in this update:

• systemd-259.4-1.fc44

Update description:

• A bunch of bugfixes
• More sanitization for invalid values received from hardware and firmware

FEDORA-2026-cb86172c17 Packages in this update:

• python3.6-3.6.15-54.fc44

Update description:

Rebuilt for improvements of %python_wheel_inject_sbom in python-rpm-macros-3.14-11.

Security fix for CVE-2025-12084

FEDORA-EPEL-2026-439d2b09db Packages in this update:

• wordpress-6.9.4-1.el10_1

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-EPEL-2026-7fdbeef41b Packages in this update:

• wordpress-6.9.4-1.el9

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-bf984d4931 Packages in this update:

• wordpress-6.9.4-1.fc44

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-5774d46593 Packages in this update:

• wordpress-6.9.4-1.fc43

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-2026-675dd9b166 Packages in this update:

• wordpress-6.9.4-1.fc42

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-EPEL-2026-6d9113a8af Packages in this update:

• wordpress-6.9.4-1.el10_2

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release

FEDORA-EPEL-2026-c7993fe121 Packages in this update:

• wordpress-6.9.4-1.el10_3

Update description:

Upstream announcements:

• WordPress 6.9.2 Release
• WordPress 6.9.3 and 7.0 beta 4
• WordPress 6.9.4 Release