Fedora Security Advisories

• nodejs22-22.22.2-2.fc43

Update to version 22.22.2

• nodejs22-22.22.2-3.fc44

Update to version 22.22.2

• nano-8.5-3.fc43

• fix CVE-2026-6842 and CVE-29026-6843

Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz#2455127 Resolves: rhbz#2455314

• nano-8.7.1-2.fc44

• fix CVE-2026-6842 and CVE-29026-6843

Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz#2455127 Resolves: rhbz#2455314

• nano-8.3-4.fc42

• fix CVE-2026-6842 and CVE-29026-6843

Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz#2455127 Resolves: rhbz#2455314

• chromium-147.0.7727.137-1.fc44

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• chromium-147.0.7727.137-1.fc43

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• chromium-147.0.7727.137-1.fc42

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• proftpd-1.3.8d-2.el9

This update fixes a potential SQL injection via mod_sql (CVE-2026-42167).

The mod_sql module is not enabled by default.

• xen-4.19.5-2.fc42

oxenstored keeps quota related use counts across domain destruction [XSA-483, CVE-2026-23556] Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557] grant table v2 race in status page mapping [XSA-486, CVE-2026-23558] x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]

• xen-4.20.3-2.fc43

oxenstored keeps quota related use counts across domain destruction [XSA-483, CVE-2026-23556] Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557] grant table v2 race in status page mapping [XSA-486, CVE-2026-23558] x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]

• perl-Starman-0.4018-1.fc44

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

This package updates Starman to 0.4018 where Transfer-Encoding now takes precedence over Content-Length.

• perl-Starman-0.4018-1.fc43

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

This package updates Starman to 0.4018 where Transfer-Encoding now takes precedence over Content-Length.

• perl-Starman-0.4018-1.fc42

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

This package updates Starman to 0.4018 where Transfer-Encoding now takes precedence over Content-Length.

• pyOpenSSL-26.1.0-1.fc44

Update to pyOpenSSL 26.1.0

This update adds support for cryptography v47 and fixes a single security issue:

• Fixed X509Name field setters to correctly pass the value length to OpenSSL. Previously, values containing NUL bytes would be silently truncated, causing a divergence between the stored ASN.1 value and the value visible from Python. Credit to BudongJW for reporting the issue. CVE-2026-40475

• pyOpenSSL-26.1.0-1.fc43

Update to pyOpenSSL 26.1.0

This update adds support for cryptography v47 and fixes a single security issue:

• Fixed X509Name field setters to correctly pass the value length to OpenSSL. Previously, values containing NUL bytes would be silently truncated, causing a divergence between the stored ASN.1 value and the value visible from Python. Credit to BudongJW for reporting the issue. CVE-2026-40475

• kryoptic-1.5.0-2.fc45
• pyOpenSSL-26.1.0-1.fc45
• python-cryptography-47.0.0-1.fc45
• rust-asn1-0.24.1-1.fc45
• rust-asn1_derive-0.24.1-1.fc45

Update python-cryptography to 47.0.0

As a result, rust-asn1 is bumped to 0.24, and pyOpenSSL is bumped to 26.1. kryoptic is rebuilt with a patch to support asn1 0.24.

pyOpenSSL 26.1 contains a fix for CVE-2026-40475

• krb5-1.21.3-7.fc42

• Fix NegoEx parsing vulnerabilities (CVE-2026-40355, CVE-2026-40356)

• krb5-1.22.2-4.fc43

• Fix NegoEx parsing vulnerabilities (CVE-2026-40355, CVE-2026-40356)
• Add upstream patches to build against openssl 4.0
• Make configure.ac work with autoconf 2.73

• krb5-1.22.2-4.fc44

• Fix NegoEx parsing vulnerabilities (CVE-2026-40355, CVE-2026-40356)
• Add upstream patches to build against openssl 4.0
• Make configure.ac work with autoconf 2.73