Fedora Security Advisories

FEDORA-2026-b42b8b1c00 Packages in this update:

• libarchive-3.8.6-1.fc44

Update description:

CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

FEDORA-EPEL-2026-de2c69d4e4 Packages in this update:

• chromium-146.0.7680.164-1.el10_3

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

FEDORA-EPEL-2026-034dddc133 Packages in this update:

• chromium-146.0.7680.164-1.el10_1

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

Update to 146.0.7680.153

* CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE

FEDORA-EPEL-2026-1abb979baa Packages in this update:

• chromium-146.0.7680.164-1.el10_2

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

FEDORA-EPEL-2026-d3092556ab Packages in this update:

• chromium-146.0.7680.164-1.el9

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

Update to 146.0.7680.153

* CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE

FEDORA-2026-cc466cfb57 Packages in this update:

• chromium-146.0.7680.164-1.fc42

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

Update to 146.0.7680.153

* CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE

FEDORA-2026-4d42fffb2b Packages in this update:

• chromium-146.0.7680.164-1.fc44

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

FEDORA-2026-ad5b2b6b68 Packages in this update:

• chromium-146.0.7680.164-1.fc43

Update description:

Update to 146.0.7680.164

* High CVE-2026-4673: Heap buffer overflow in WebAudio * High CVE-2026-4674: Out of bounds read in CSS * High CVE-2026-4675: Heap buffer overflow in WebGL * High CVE-2026-4676: Use after free in Dawn * High CVE-2026-4677: Out of bounds read in WebAudio * High CVE-2026-4678: Use after free in WebGPU * High CVE-2026-4679: Integer overflow in Fonts * High CVE-2026-4680: Use after free in FedCM

FEDORA-2026-b58c5b3cc0 Packages in this update:

• libopenmpt-0.8.6-1.fc44

Update description:

Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/

Potential security fix plus bug-fixes in 0.8.5: https://lib.openmpt.org/libopenmpt/2026/03/22/security-updates-0.8.5-0.7.18-0.6.27-0.5.41-0.4.53/

FEDORA-2026-e2621c29b2 Packages in this update:

• libopenmpt-0.8.6-1.fc42

Update description:

Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/

Potential security fix plus bug-fixes in 0.8.5: https://lib.openmpt.org/libopenmpt/2026/03/22/security-updates-0.8.5-0.7.18-0.6.27-0.5.41-0.4.53/

FEDORA-2026-f9d2152328 Packages in this update:

• libopenmpt-0.8.6-1.fc43

Update description:

Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/

FEDORA-2026-36594550b0 Packages in this update:

• webkitgtk-2.52.0-1.fc42

Update description:

Update to 2.52.0:

• Make text look like in other browsers by blending in linear color space.
• Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.
• Improved composition scheduling to avoid blocking waiting for tile painting.
• Improved performance of accelerated 2D canvas by recording operations for batched replay.
• Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread.
• Enabled dynamic MSAA for accelerated 2D canvas rendering.
• Improved text rendering performance
• Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out.
• Added support for the Audio Output Devices API.
• Added API to handle WebXR permission requests.
• Added API to query the immersive session status.
• Added initial API for web extensions.

FEDORA-2026-b4d393799a Packages in this update:

• bpfman-0.5.4-6.fc42

Update description:

Fix CVE-2026-33056 (tar-rs 0.4.45); Closes rhbz#2449672

FEDORA-2026-d62d7fe77e Packages in this update:

• bpfman-0.5.4-5.fc43

Update description:

Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672

FEDORA-2026-2fc36ddefe Packages in this update:

• bpfman-0.5.4-7.fc44

Update description:

Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672

FEDORA-2026-e14350a7de Packages in this update:

• rust-rustls-webpki-0.103.10-1.fc44

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-EPEL-2026-1460f79f2c Packages in this update:

• rust-rustls-webpki-0.103.10-1.el10_3

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-EPEL-2026-860e57b32b Packages in this update:

• rust-rustls-webpki-0.103.10-1.el10_2

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-EPEL-2026-e6e6228edf Packages in this update:

• rust-rustls-webpki-0.103.10-1.el9

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-2026-efe3ef6f55 Packages in this update:

• rust-rustls-webpki-0.103.10-1.fc43

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.