Fedora Security Advisories

FEDORA-2026-94d266def6 Packages in this update:

• cef-143.0.13^chromium143.0.7499.192-1.fc44

Update description:

Automatic update for cef-143.0.13^chromium143.0.7499.192-1.fc44.

Changelog * Fri Jan 9 2026 Than Ngo <than@redhat.com> - 143.0.13^chromium143.0.7499.192-1 - Update to 143.0.7499.192 [rhbz#2427842] - * High CVE-2026-0628: Insufficient policy enforcement in WebView tag - Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64 - Enable build for epel10.1

FEDORA-EPEL-2026-50fab59f98 Packages in this update:

• helm3-3.19.3-1.el10_2
• helm-4.0.4-1.el10_2

Update description:

Update helm to version 4 and introduce helm3 as compat package.

FEDORA-EPEL-2026-4e0cd92103 Packages in this update:

• helm3-3.19.3-1.el10_1
• helm-4.0.4-1.el10_1

Update description:

Update helm to version 4 and introduce helm3 as compat package.

FEDORA-EPEL-2026-8461f97b9d Packages in this update:

• helm3-3.19.3-1.el9
• helm-4.0.4-1.el9

Update description:

Update to helm to version 4 and introduce helm3 as a compat package.

FEDORA-2026-5551bc920f Packages in this update:

• chromium-143.0.7499.192-1.fc44

Update description:

Automatic update for chromium-143.0.7499.192-1.fc44.

Changelog * Wed Jan 7 2026 Than Ngo <than@redhat.com> - 143.0.7499.192-1 - Update tp 143.0.7499.192 * High CVE-2026-0628: Insufficient policy enforcement in WebView tag - Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64 - Enable build for epel10.1

FEDORA-2026-a4a01fb680 Packages in this update:

• forgejo-13.0.4-1.fc43

Update description:

This is an upstream bug and security fix release. Please view the upstream release notes for more details.

FEDORA-2026-9d457091e8 Packages in this update:

• openssh-9.9p1-12.fc42

Update description:

Added fixes for CVE-2025-61985 and CVE-2025-61984

FEDORA-EPEL-2026-2f73131e02 Packages in this update:

• chromium-143.0.7499.192-1.el10_1

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-2026-540f5a89d1 Packages in this update:

• chromium-143.0.7499.192-1.fc42

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-EPEL-2026-7101d35773 Packages in this update:

• chromium-143.0.7499.192-1.el10_2

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-EPEL-2026-1e6d3d4287 Packages in this update:

• chromium-143.0.7499.192-1.el9

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-2026-66162d01ae Packages in this update:

• chromium-143.0.7499.192-1.fc43

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-2026-724d1b1044 Packages in this update:

• python-urllib3-2.6.3-1.fc43

Update description: 2.6.3 (2026-01-07)

• Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. GHSA-38jv-5279-wg99, CVE-2026-21441
• Started treating Retry-After times greater than 6 hours as 6 hours by default.

FEDORA-2026-2c35952b90 Packages in this update:

• python3.12-3.12.12-2.fc43

Update description:

• Security fix for CVE-2025-12084
• Require at least the same expat version as used during the build time

FEDORA-2026-8e0e785a72 Packages in this update:

• python3.12-3.12.12-2.fc42

Update description:

• Security fix for CVE-2025-12084
• Require at least the same expat version as used during the build time

FEDORA-EPEL-2026-aff50f711b Packages in this update:

• foomuuri-0.31-1.el10_1

Update description:

Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858.

• CVE-2025-67603: Add PolicyKit authorization to D-Bus methods.
• CVE-2025-67858: Verify interface input parameter on D-Bus methods.
• Security hardening:
• Add ProtectSystem=full to all systemd service files. This changes /etc to read-only for all Foomuuri processes. Make sure you don't write any state files there in your startup hook or Foomuuri Monitor event hook.
• Change umask to 022 when using --fork to fork as a background daemon process.
• More strict IP address verify for iplist entries.

FEDORA-EPEL-2026-b90feb26b8 Packages in this update:

• foomuuri-0.31-1.el10_2

Update description:

Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858.

• CVE-2025-67603: Add PolicyKit authorization to D-Bus methods.
• CVE-2025-67858: Verify interface input parameter on D-Bus methods.
• Security hardening:
• Add ProtectSystem=full to all systemd service files. This changes /etc to read-only for all Foomuuri processes. Make sure you don't write any state files there in your startup hook or Foomuuri Monitor event hook.
• Change umask to 022 when using --fork to fork as a background daemon process.
• More strict IP address verify for iplist entries.

FEDORA-2026-429edf2dcf Packages in this update:

• foomuuri-0.31-1.fc43

Update description:

Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858.

• CVE-2025-67603: Add PolicyKit authorization to D-Bus methods.
• CVE-2025-67858: Verify interface input parameter on D-Bus methods.
• Security hardening:
• Add ProtectSystem=full to all systemd service files. This changes /etc to read-only for all Foomuuri processes. Make sure you don't write any state files there in your startup hook or Foomuuri Monitor event hook.
• Change umask to 022 when using --fork to fork as a background daemon process.
• More strict IP address verify for iplist entries.

FEDORA-EPEL-2026-8919df6bce Packages in this update:

• foomuuri-0.31-1.el9

Update description:

Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858.

• CVE-2025-67603: Add PolicyKit authorization to D-Bus methods.
• CVE-2025-67858: Verify interface input parameter on D-Bus methods.
• Security hardening:
• Add ProtectSystem=full to all systemd service files. This changes /etc to read-only for all Foomuuri processes. Make sure you don't write any state files there in your startup hook or Foomuuri Monitor event hook.
• Change umask to 022 when using --fork to fork as a background daemon process.
• More strict IP address verify for iplist entries.

FEDORA-2026-63f333201f Packages in this update:

• foomuuri-0.31-1.fc42

Update description:

Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858.

• CVE-2025-67603: Add PolicyKit authorization to D-Bus methods.
• CVE-2025-67858: Verify interface input parameter on D-Bus methods.
• Security hardening:
• Add ProtectSystem=full to all systemd service files. This changes /etc to read-only for all Foomuuri processes. Make sure you don't write any state files there in your startup hook or Foomuuri Monitor event hook.
• Change umask to 022 when using --fork to fork as a background daemon process.
• More strict IP address verify for iplist entries.