Fedora Security Advisories

nginx-1.30.2-1.fc43 nginx-mod-brotli-1.0.0~rc-10.fc43 nginx-mod-fancyindex-0.6.0-5.fc43 nginx-mod-headers-more-0.39-10.fc43 nginx-mod-modsecurity-1.0.4-11.fc43 nginx-mod-naxsi-1.6-18.fc43 nginx-mod-vts-0.2.4-10.fc43

Fedora Security Advisories
10 hours 31 minutes ago
FEDORA-2026-dd9cd16b18 Packages in this update:
  • nginx-1.30.2-1.fc43
  • nginx-mod-brotli-1.0.0~rc-10.fc43
  • nginx-mod-fancyindex-0.6.0-5.fc43
  • nginx-mod-headers-more-0.39-10.fc43
  • nginx-mod-modsecurity-1.0.4-11.fc43
  • nginx-mod-naxsi-1.6-18.fc43
  • nginx-mod-vts-0.2.4-10.fc43
Update description:

nginx-mod-brotli:

  • Rebuild for 1.30.2

nginx-mod-fancyindex:

  • Rebuild for 1.30.2

nginx-mod-naxsi:

  • Rebuild for 1.30.2

nginx-mod-headers-more:

  • Rebuild for 1.30.2

nginx-mod-vts:

  • Rebuild for 1.30.2

nginx-mod-modsecurity:

  • Rebuild for 1.30.2

nginx:

  • update to 1.30.2
  • fixes CVE-2026-9256

nginx-1.30.2-1.fc44 nginx-mod-brotli-1.0.0~rc-10.fc44 nginx-mod-fancyindex-0.6.0-5.fc44 nginx-mod-headers-more-0.39-10.fc44 nginx-mod-js-challenge-0^20230517.gitda6852d-8.fc44 nginx-mod-modsecurity-1.0.4-11.fc44 nginx-mod-naxsi-1.6-18.fc44 nginx-mod-vts…

Fedora Security Advisories
10 hours 54 minutes ago
FEDORA-2026-da68d7bf53 Packages in this update:
  • nginx-1.30.2-1.fc44
  • nginx-mod-brotli-1.0.0~rc-10.fc44
  • nginx-mod-fancyindex-0.6.0-5.fc44
  • nginx-mod-headers-more-0.39-10.fc44
  • nginx-mod-js-challenge-0^20230517.gitda6852d-8.fc44
  • nginx-mod-modsecurity-1.0.4-11.fc44
  • nginx-mod-naxsi-1.6-18.fc44
  • nginx-mod-vts-0.2.4-10.fc44
Update description:

nginx-mod-headers-more:

  • Rebuild for 1.30.2

nginx-mod-vts:

  • Rebuild for 1.30.2

nginx-mod-fancyindex:

  • Rebuild for 1.30.2

nginx-mod-brotli:

  • Rebuild for 1.30.2

nginx-mod-naxsi:

  • Rebuild for 1.30.2

nginx-mod-js-challenge:

  • Rebuild for 1.30.2

nginx-mod-modsecurity:

  • Rebuild for 1.30.2

nginx:

  • update to 1.30.2
  • fixes CVE-2026-9256

libssh2-1.11.1-6.el9

Fedora Security Advisories
21 hours 8 minutes ago
FEDORA-EPEL-2026-e7b8776a02 Packages in this update:
  • libssh2-1.11.1-6.el9
Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

libssh2-1.11.1-6.el10_2

Fedora Security Advisories
21 hours 8 minutes ago
FEDORA-EPEL-2026-afcb3443a1 Packages in this update:
  • libssh2-1.11.1-6.el10_2
Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

libssh2-1.11.1-6.el10_3

Fedora Security Advisories
21 hours 8 minutes ago
FEDORA-EPEL-2026-afd26ad447 Packages in this update:
  • libssh2-1.11.1-6.el10_3
Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

libssh2-1.11.1-6.fc43

Fedora Security Advisories
22 hours 12 minutes ago
FEDORA-2026-1b9134cdc9 Packages in this update:
  • libssh2-1.11.1-6.fc43
Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

libssh2-1.11.1-6.fc44

Fedora Security Advisories
22 hours 12 minutes ago
FEDORA-2026-f87ac8187c Packages in this update:
  • libssh2-1.11.1-6.fc44
Update description:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

chromium-148.0.7778.178-1.el10_3

Fedora Security Advisories
1 day 4 hours ago
FEDORA-EPEL-2026-c0b39ff94f Packages in this update:
  • chromium-148.0.7778.178-1.el10_3
Update description:

Update to 148.0.7778.178

  • CVE-2026-9111: Use after free in WebRTC
  • CVE-2026-9110: Inappropriate implementation in UI
  • CVE-2026-9112: Use after free in GPU
  • CVE-2026-9113: Out of bounds read in GPU
  • CVE-2026-9114: Use after free in QUIC
  • CVE-2026-9115: Insufficient policy enforcement in Service Worker
  • CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
  • CVE-2026-9117: Type Confusion in GFX
  • CVE-2026-9118: Use after free in XR
  • CVE-2026-9119: Heap buffer overflow in WebRTC
  • CVE-2026-9120: Use after free in WebRTC
  • CVE-2026-9126: Use after free in DOM
  • CVE-2026-9121: Out of bounds read in GPU
  • CVE-2026-9122: Out of bounds read in GPU
  • CVE-2026-9123: Heap buffer overflow in Chromecast
  • CVE-2026-9124: Insufficient validation of untrusted input in Input

chromium-148.0.7778.178-1.fc43

Fedora Security Advisories
1 day 4 hours ago
FEDORA-2026-b17799ac62 Packages in this update:
  • chromium-148.0.7778.178-1.fc43
Update description:

Update to 148.0.7778.178

  • CVE-2026-9111: Use after free in WebRTC
  • CVE-2026-9110: Inappropriate implementation in UI
  • CVE-2026-9112: Use after free in GPU
  • CVE-2026-9113: Out of bounds read in GPU
  • CVE-2026-9114: Use after free in QUIC
  • CVE-2026-9115: Insufficient policy enforcement in Service Worker
  • CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
  • CVE-2026-9117: Type Confusion in GFX
  • CVE-2026-9118: Use after free in XR
  • CVE-2026-9119: Heap buffer overflow in WebRTC
  • CVE-2026-9120: Use after free in WebRTC
  • CVE-2026-9126: Use after free in DOM
  • CVE-2026-9121: Out of bounds read in GPU
  • CVE-2026-9122: Out of bounds read in GPU
  • CVE-2026-9123: Heap buffer overflow in Chromecast
  • CVE-2026-9124: Insufficient validation of untrusted input in Input

Update to 148.0.7778.167

  • CVE-2026-8509: Heap buffer overflow in WebML
  • CVE-2026-8510: Integer overflow in Skia
  • CVE-2026-8511: Use after free in UI
  • CVE-2026-8512: Use after free in FileSystem
  • CVE-2026-8513: Use after free in Input
  • CVE-2026-8514: Use after free in Aura
  • CVE-2026-8515: Use after free in HID
  • CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
  • CVE-2026-8517: Object lifecycle issue in WebShare
  • CVE-2026-8518: Use after free in Blink
  • CVE-2026-8519: Integer overflow in ANGLE
  • CVE-2026-8520: Race in Payments
  • CVE-2026-8521: Use after free in Tab Groups
  • CVE-2026-8522: Use after free in Downloads
  • CVE-2026-8523: Use after free in Mojo
  • CVE-2026-8558: Out of bounds write in Fonts
  • CVE-2026-8524: Out of bounds write in WebAudio
  • CVE-2026-8525: Heap buffer overflow in ANGLE
  • CVE-2026-8526: Out of bounds write in WebRTC
  • CVE-2026-8527: Insufficient validation of untrusted input in Downloads
  • CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
  • CVE-2026-8529: Heap buffer overflow in Codecs
  • CVE-2026-8530: Use after free in Network
  • CVE-2026-8531: Heap buffer overflow in WebML
  • CVE-2026-8532: Integer overflow in XML
  • CVE-2026-8533: Use after free in Accessibility
  • CVE-2026-8534: Integer overflow in GPU
  • CVE-2026-8535: Out of bounds read in Media
  • CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
  • CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
  • CVE-2026-8538: Insufficient validation of untrusted input in GPU
  • CVE-2026-8539: Script injection in SanitizerAPI
  • CVE-2026-8540: Type Confusion in V8
  • CVE-2026-8541: Out of bounds read in UI
  • CVE-2026-8542: Use after free in Core
  • CVE-2026-8543: Out of bounds read in FileSystem
  • CVE-2026-8544: Use after free in Media
  • CVE-2026-8545: Object corruption in Compositing
  • CVE-2026-8546: Out of bounds read in GPU
  • CVE-2026-8547: Insufficient policy enforcement in Passwords
  • CVE-2026-8548: Out of bounds write in Media
  • CVE-2026-8549: Use after free in Media
  • CVE-2026-8550: Use after free in Google Lens
  • CVE-2026-8551: Use after free in Downloads
  • CVE-2026-8552: Heap buffer overflow in GPU
  • CVE-2026-8553: Use after free in GPU
  • CVE-2026-8554: Type Confusion in ANGLE
  • CVE-2026-8555: Use after free in GTK
  • CVE-2026-8556: Inappropriate implementation in ANGLE
  • CVE-2026-8557: Use after free in Accessibility
  • CVE-2026-8559: Integer overflow in Internationalization
  • CVE-2026-8560: Heap buffer overflow in SwiftShader
  • CVE-2026-8561: Incorrect security UI in Fullscreen
  • CVE-2026-8562: Side-channel information leakage in Navigation
  • CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
  • CVE-2026-8564: Incorrect security UI in Downloads
  • CVE-2026-8565: Inappropriate implementation in Downloads
  • CVE-2026-8566: Insufficient policy enforcement in Payments
  • CVE-2026-8567: Integer overflow in ANGLE
  • CVE-2026-8568: Insufficient policy enforcement in AI
  • CVE-2026-8569: Out of bounds write in Codecs
  • CVE-2026-8570: Type Confusion in V8
  • CVE-2026-8571: Insufficient policy enforcement in GPU
  • CVE-2026-8572: Insufficient policy enforcement in Network
  • CVE-2026-8573: Integer overflow in Codecs
  • CVE-2026-8574: Use after free in Core
  • CVE-2026-8575: Use after free in UI
  • CVE-2026-8576: Inappropriate implementation in CORS
  • CVE-2026-8577: Integer overflow in Fonts
  • CVE-2026-8578: Out of bounds read in GPU
  • CVE-2026-8579: Insufficient validation of untrusted input in Skia
  • CVE-2026-8580: Use after free in Mojo
  • CVE-2026-8581: Use after free in GPU
  • CVE-2026-8582: Object lifecycle issue in Dawn
  • CVE-2026-8583: Insufficient policy enforcement in WebXR
  • CVE-2026-8584: Inappropriate implementation in Views
  • CVE-2026-8585: Inappropriate implementation in Media
  • CVE-2026-8586: Inappropriate implementation in Chromoting
  • CVE-2026-8587: Use after free in Extensions

chromium-148.0.7778.178-1.fc42

Fedora Security Advisories
1 day 4 hours ago
FEDORA-2026-e4f5923bae Packages in this update:
  • chromium-148.0.7778.178-1.fc42
Update description:

Update to 148.0.7778.178

  • CVE-2026-9111: Use after free in WebRTC
  • CVE-2026-9110: Inappropriate implementation in UI
  • CVE-2026-9112: Use after free in GPU
  • CVE-2026-9113: Out of bounds read in GPU
  • CVE-2026-9114: Use after free in QUIC
  • CVE-2026-9115: Insufficient policy enforcement in Service Worker
  • CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
  • CVE-2026-9117: Type Confusion in GFX
  • CVE-2026-9118: Use after free in XR
  • CVE-2026-9119: Heap buffer overflow in WebRTC
  • CVE-2026-9120: Use after free in WebRTC
  • CVE-2026-9126: Use after free in DOM
  • CVE-2026-9121: Out of bounds read in GPU
  • CVE-2026-9122: Out of bounds read in GPU
  • CVE-2026-9123: Heap buffer overflow in Chromecast
  • CVE-2026-9124: Insufficient validation of untrusted input in Input

Update to 148.0.7778.167

  • CVE-2026-8509: Heap buffer overflow in WebML
  • CVE-2026-8510: Integer overflow in Skia
  • CVE-2026-8511: Use after free in UI
  • CVE-2026-8512: Use after free in FileSystem
  • CVE-2026-8513: Use after free in Input
  • CVE-2026-8514: Use after free in Aura
  • CVE-2026-8515: Use after free in HID
  • CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
  • CVE-2026-8517: Object lifecycle issue in WebShare
  • CVE-2026-8518: Use after free in Blink
  • CVE-2026-8519: Integer overflow in ANGLE
  • CVE-2026-8520: Race in Payments
  • CVE-2026-8521: Use after free in Tab Groups
  • CVE-2026-8522: Use after free in Downloads
  • CVE-2026-8523: Use after free in Mojo
  • CVE-2026-8558: Out of bounds write in Fonts
  • CVE-2026-8524: Out of bounds write in WebAudio
  • CVE-2026-8525: Heap buffer overflow in ANGLE
  • CVE-2026-8526: Out of bounds write in WebRTC
  • CVE-2026-8527: Insufficient validation of untrusted input in Downloads
  • CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
  • CVE-2026-8529: Heap buffer overflow in Codecs
  • CVE-2026-8530: Use after free in Network
  • CVE-2026-8531: Heap buffer overflow in WebML
  • CVE-2026-8532: Integer overflow in XML
  • CVE-2026-8533: Use after free in Accessibility
  • CVE-2026-8534: Integer overflow in GPU
  • CVE-2026-8535: Out of bounds read in Media
  • CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
  • CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
  • CVE-2026-8538: Insufficient validation of untrusted input in GPU
  • CVE-2026-8539: Script injection in SanitizerAPI
  • CVE-2026-8540: Type Confusion in V8
  • CVE-2026-8541: Out of bounds read in UI
  • CVE-2026-8542: Use after free in Core
  • CVE-2026-8543: Out of bounds read in FileSystem
  • CVE-2026-8544: Use after free in Media
  • CVE-2026-8545: Object corruption in Compositing
  • CVE-2026-8546: Out of bounds read in GPU
  • CVE-2026-8547: Insufficient policy enforcement in Passwords
  • CVE-2026-8548: Out of bounds write in Media
  • CVE-2026-8549: Use after free in Media
  • CVE-2026-8550: Use after free in Google Lens
  • CVE-2026-8551: Use after free in Downloads
  • CVE-2026-8552: Heap buffer overflow in GPU
  • CVE-2026-8553: Use after free in GPU
  • CVE-2026-8554: Type Confusion in ANGLE
  • CVE-2026-8555: Use after free in GTK
  • CVE-2026-8556: Inappropriate implementation in ANGLE
  • CVE-2026-8557: Use after free in Accessibility
  • CVE-2026-8559: Integer overflow in Internationalization
  • CVE-2026-8560: Heap buffer overflow in SwiftShader
  • CVE-2026-8561: Incorrect security UI in Fullscreen
  • CVE-2026-8562: Side-channel information leakage in Navigation
  • CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
  • CVE-2026-8564: Incorrect security UI in Downloads
  • CVE-2026-8565: Inappropriate implementation in Downloads
  • CVE-2026-8566: Insufficient policy enforcement in Payments
  • CVE-2026-8567: Integer overflow in ANGLE
  • CVE-2026-8568: Insufficient policy enforcement in AI
  • CVE-2026-8569: Out of bounds write in Codecs
  • CVE-2026-8570: Type Confusion in V8
  • CVE-2026-8571: Insufficient policy enforcement in GPU
  • CVE-2026-8572: Insufficient policy enforcement in Network
  • CVE-2026-8573: Integer overflow in Codecs
  • CVE-2026-8574: Use after free in Core
  • CVE-2026-8575: Use after free in UI
  • CVE-2026-8576: Inappropriate implementation in CORS
  • CVE-2026-8577: Integer overflow in Fonts
  • CVE-2026-8578: Out of bounds read in GPU
  • CVE-2026-8579: Insufficient validation of untrusted input in Skia
  • CVE-2026-8580: Use after free in Mojo
  • CVE-2026-8581: Use after free in GPU
  • CVE-2026-8582: Object lifecycle issue in Dawn
  • CVE-2026-8583: Insufficient policy enforcement in WebXR
  • CVE-2026-8584: Inappropriate implementation in Views
  • CVE-2026-8585: Inappropriate implementation in Media
  • CVE-2026-8586: Inappropriate implementation in Chromoting
  • CVE-2026-8587: Use after free in Extensions

chromium-148.0.7778.178-1.el9

Fedora Security Advisories
1 day 4 hours ago
FEDORA-EPEL-2026-d1c74ffb1b Packages in this update:
  • chromium-148.0.7778.178-1.el9
Update description:

Update to 148.0.7778.178

  • CVE-2026-9111: Use after free in WebRTC
  • CVE-2026-9110: Inappropriate implementation in UI
  • CVE-2026-9112: Use after free in GPU
  • CVE-2026-9113: Out of bounds read in GPU
  • CVE-2026-9114: Use after free in QUIC
  • CVE-2026-9115: Insufficient policy enforcement in Service Worker
  • CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
  • CVE-2026-9117: Type Confusion in GFX
  • CVE-2026-9118: Use after free in XR
  • CVE-2026-9119: Heap buffer overflow in WebRTC
  • CVE-2026-9120: Use after free in WebRTC
  • CVE-2026-9126: Use after free in DOM
  • CVE-2026-9121: Out of bounds read in GPU
  • CVE-2026-9122: Out of bounds read in GPU
  • CVE-2026-9123: Heap buffer overflow in Chromecast
  • CVE-2026-9124: Insufficient validation of untrusted input in Input

chromium-148.0.7778.178-1.el10_2

Fedora Security Advisories
1 day 4 hours ago
FEDORA-EPEL-2026-9a7f44de0a Packages in this update:
  • chromium-148.0.7778.178-1.el10_2
Update description:

Update to 148.0.7778.178

  • CVE-2026-9111: Use after free in WebRTC
  • CVE-2026-9110: Inappropriate implementation in UI
  • CVE-2026-9112: Use after free in GPU
  • CVE-2026-9113: Out of bounds read in GPU
  • CVE-2026-9114: Use after free in QUIC
  • CVE-2026-9115: Insufficient policy enforcement in Service Worker
  • CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
  • CVE-2026-9117: Type Confusion in GFX
  • CVE-2026-9118: Use after free in XR
  • CVE-2026-9119: Heap buffer overflow in WebRTC
  • CVE-2026-9120: Use after free in WebRTC
  • CVE-2026-9126: Use after free in DOM
  • CVE-2026-9121: Out of bounds read in GPU
  • CVE-2026-9122: Out of bounds read in GPU
  • CVE-2026-9123: Heap buffer overflow in Chromecast
  • CVE-2026-9124: Insufficient validation of untrusted input in Input

chromium-148.0.7778.178-1.fc44

Fedora Security Advisories
1 day 4 hours ago
FEDORA-2026-c758d44a9a Packages in this update:
  • chromium-148.0.7778.178-1.fc44
Update description:

Update to 148.0.7778.178

  • CVE-2026-9111: Use after free in WebRTC
  • CVE-2026-9110: Inappropriate implementation in UI
  • CVE-2026-9112: Use after free in GPU
  • CVE-2026-9113: Out of bounds read in GPU
  • CVE-2026-9114: Use after free in QUIC
  • CVE-2026-9115: Insufficient policy enforcement in Service Worker
  • CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
  • CVE-2026-9117: Type Confusion in GFX
  • CVE-2026-9118: Use after free in XR
  • CVE-2026-9119: Heap buffer overflow in WebRTC
  • CVE-2026-9120: Use after free in WebRTC
  • CVE-2026-9126: Use after free in DOM
  • CVE-2026-9121: Out of bounds read in GPU
  • CVE-2026-9122: Out of bounds read in GPU
  • CVE-2026-9123: Heap buffer overflow in Chromecast
  • CVE-2026-9124: Insufficient validation of untrusted input in Input
Checked
22 minutes 47 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security