[SECURITY] Fedora 43 Update: chromium-149.0.7827.102-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c5c0986fb6
2026-06-14 05:02:05.956693+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 43
Version : 149.0.7827.102
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 149.0.7827.102
CVE-2026-11628: Use after free in Ozone
CVE-2026-11629: Use after free in Ozone
CVE-2026-11630: Use after free in File Input
CVE-2026-11631: Use after free in Aura
CVE-2026-11632: Use after free in TabStrip
CVE-2026-11633: Use after free in Bluetooth
CVE-2026-11634: Use after free in Gamepad
CVE-2026-11635: Use after free in Bluetooth
CVE-2026-11636: Use after free in Autofill
CVE-2026-11637: Use after free in Views
CVE-2026-11638: Use after free in Printing
CVE-2026-11639: Use after free in Compositing
CVE-2026-11640: Integer overflow in libyuv
CVE-2026-11641: Use after free in Bluetooth
CVE-2026-11642: Use after free in Web Apps
CVE-2026-11643: Use after free in Proxy
CVE-2026-11644: Use after free in Views
CVE-2026-11645: Out of bounds memory access in V8
CVE-2026-11646: Use after free in ViewTransitions
CVE-2026-11647: Use after free in Printing
CVE-2026-11648: Use after free in FullScreen
CVE-2026-11649: Use after free in V8
CVE-2026-11650: Use after free in V8
CVE-2026-11651: Use after free in Network
CVE-2026-11652: Use after free in Extensions
CVE-2026-11653: Insufficient validation of untrusted input in Extensions
CVE-2026-11654: Use after free in CameraCapture
CVE-2026-11655: Integer overflow in Media
CVE-2026-11656: Use after free in ServiceWorker
CVE-2026-11657: Use after free in Payments
CVE-2026-11658: Insufficient validation of untrusted input in Extensions
CVE-2026-11659: Insufficient validation of untrusted input in UI
CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
CVE-2026-11661: Use after free in Views
CVE-2026-11662: Type Confusion in Bindings
CVE-2026-11663: Use after free in Skia
CVE-2026-11664: Use after free in Payments
CVE-2026-11665: Out of bounds read in Dawn
CVE-2026-11666: Insufficient validation of untrusted input in Input
CVE-2026-11667: Out of bounds read in WebRTC
CVE-2026-11668: Uninitialized Use in Codecs
CVE-2026-11669: Integer overflow in Media
CVE-2026-11670: Use after free in PDF
CVE-2026-11671: Use after free in Navigation
CVE-2026-11672: Out of bounds write in GPU
CVE-2026-11673: Use after free in InterestGroups
CVE-2026-11674: Use after free in Guest View
CVE-2026-11675: Insufficient validation of untrusted input in Skia
CVE-2026-11676: Insufficient validation of untrusted input in Dawn
CVE-2026-11677: Race in Network
CVE-2026-11678: Integer overflow in libyuv
CVE-2026-11679: Use after free in Codecs
CVE-2026-11680: Use after free in Media
CVE-2026-11681: Use after free in Ozone
CVE-2026-11682: Insufficient validation of untrusted input in Views
CVE-2026-11683: Use after free in WebCodecs
CVE-2026-11684: Insufficient policy enforcement in Network
CVE-2026-11685: Insufficient data validation in MediaCapture
CVE-2026-11686: Insufficient validation of untrusted input in Dawn
CVE-2026-11687: Use after free in Dawn
CVE-2026-11688: Object lifecycle issue in SVG
CVE-2026-11689: Insufficient validation of untrusted input in Passwords
CVE-2026-11690: Out of bounds read and write in Media
CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
CVE-2026-11692: Use after free in Read Anything
CVE-2026-11693: Inappropriate implementation in Plugins
CVE-2026-11694: Use after free in ServiceWorker
CVE-2026-11695: Inappropriate implementation in Passwords
CVE-2026-11696: Uninitialized Use in Video
CVE-2026-11697: Insufficient validation of untrusted input in UI
CVE-2026-11698: Use after free in Bluetooth
CVE-2026-11699: Use after free in Bluetooth
CVE-2026-11700: Use after free in Tracing
CVE-2026-11701: Insufficient validation of untrusted input in Guest View
Update to 149.0.7827.53
fix 429 CVEs (CVE-2026-10881 through CVE-2026-11309)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 9 2026 Than Ngo [than@redhat.com] - 149.0.7827.102-1
- Update to 149.0.7827.102
* CVE-2026-11628: Use after free in Ozone
* CVE-2026-11629: Use after free in Ozone
* CVE-2026-11630: Use after free in File Input
* CVE-2026-11631: Use after free in Aura
* CVE-2026-11632: Use after free in TabStrip
* CVE-2026-11633: Use after free in Bluetooth
* CVE-2026-11634: Use after free in Gamepad
* CVE-2026-11635: Use after free in Bluetooth
* CVE-2026-11636: Use after free in Autofill
* CVE-2026-11637: Use after free in Views
* CVE-2026-11638: Use after free in Printing
* CVE-2026-11639: Use after free in Compositing
* CVE-2026-11640: Integer overflow in libyuv
* CVE-2026-11641: Use after free in Bluetooth
* CVE-2026-11642: Use after free in Web Apps
* CVE-2026-11643: Use after free in Proxy
* CVE-2026-11644: Use after free in Views
* CVE-2026-11645: Out of bounds memory access in V8
* CVE-2026-11646: Use after free in ViewTransitions
* CVE-2026-11647: Use after free in Printing
* CVE-2026-11648: Use after free in FullScreen
* CVE-2026-11649: Use after free in V8
* CVE-2026-11650: Use after free in V8
* CVE-2026-11651: Use after free in Network
* CVE-2026-11652: Use after free in Extensions
* CVE-2026-11653: Insufficient validation of untrusted input in Extensions
* CVE-2026-11654: Use after free in CameraCapture
* CVE-2026-11655: Integer overflow in Media
* CVE-2026-11656: Use after free in ServiceWorker
* CVE-2026-11657: Use after free in Payments
* CVE-2026-11658: Insufficient validation of untrusted input in Extensions
* CVE-2026-11659: Insufficient validation of untrusted input in UI
* CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-11661: Use after free in Views
* CVE-2026-11662: Type Confusion in Bindings
* CVE-2026-11663: Use after free in Skia
* CVE-2026-11664: Use after free in Payments
* CVE-2026-11665: Out of bounds read in Dawn
* CVE-2026-11666: Insufficient validation of untrusted input in Input
* CVE-2026-11667: Out of bounds read in WebRTC
* CVE-2026-11668: Uninitialized Use in Codecs
* CVE-2026-11669: Integer overflow in Media
* CVE-2026-11670: Use after free in PDF
* CVE-2026-11671: Use after free in Navigation
* CVE-2026-11672: Out of bounds write in GPU
* CVE-2026-11673: Use after free in InterestGroups
* CVE-2026-11674: Use after free in Guest View
* CVE-2026-11675: Insufficient validation of untrusted input in Skia
* CVE-2026-11676: Insufficient validation of untrusted input in Dawn
* CVE-2026-11677: Race in Network
* CVE-2026-11678: Integer overflow in libyuv
* CVE-2026-11679: Use after free in Codecs
* CVE-2026-11680: Use after free in Media
* CVE-2026-11681: Use after free in Ozone
* CVE-2026-11682: Insufficient validation of untrusted input in Views
* CVE-2026-11683: Use after free in WebCodecs
* CVE-2026-11684: Insufficient policy enforcement in Network
* CVE-2026-11685: Insufficient data validation in MediaCapture
* CVE-2026-11686: Insufficient validation of untrusted input in Dawn
* CVE-2026-11687: Use after free in Dawn
* CVE-2026-11688: Object lifecycle issue in SVG
* CVE-2026-11689: Insufficient validation of untrusted input in Passwords
* CVE-2026-11690: Out of bounds read and write in Media
* CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-11692: Use after free in Read Anything
* CVE-2026-11693: Inappropriate implementation in Plugins
* CVE-2026-11694: Use after free in ServiceWorker
* CVE-2026-11695: Inappropriate implementation in Passwords
* CVE-2026-11696: Uninitialized Use in Video
* CVE-2026-11697: Insufficient validation of untrusted input in UI
* CVE-2026-11698: Use after free in Bluetooth
* CVE-2026-11699: Use after free in Bluetooth
* CVE-2026-11700: Use after free in Tracing
* CVE-2026-11701: Insufficient validation of untrusted input in Guest View
- Refresh ppc64le patches
* Fri Jun 5 2026 Than Ngo [than@redhat.com] - 149.0.7827.53-1
- Update to 149.0.7827.53
* CVE-2026-10881: Out of bounds read and write in ANGLE
* CVE-2026-10882: Use after free in Network
* CVE-2026-10883: Out of bounds write in ANGLE
* CVE-2026-10884: Use after free in Chromecast
* CVE-2026-10885: Use after free in Chrome for iOS
* CVE-2026-10886: Use after free in FileSystem
* CVE-2026-10887: Use after free in Chromoting
* CVE-2026-10888: Use after free in Cast Streaming
* CVE-2026-10889: Out of bounds read in ANGLE
* CVE-2026-10890: Use after free in Cast
* CVE-2026-10891: Use after free in GFX
* CVE-2026-10892: Out of bounds write in GPU
* CVE-2026-10893: Use after free in Chromoting
* CVE-2026-10894: Use after free in Printing
* CVE-2026-10895: Use after free in Ozone
* CVE-2026-10896: Use after free in Chrome for iOS
* CVE-2026-10897: Out of bounds write in GPU
* CVE-2026-10898: Stack buffer overflow in GPU
* CVE-2026-10899: Use after free in Ozone
* CVE-2026-10900: Use after free in Passwords
* CVE-2026-10901: Use after free in Passwords
* CVE-2026-10902: Use after free in Ozone
* CVE-2026-10903: Use after free in WebRTC
* CVE-2026-10904: Inappropriate implementation in V8
* CVE-2026-10905: Use after free in Network
* CVE-2026-10906: Use after free in WebAuthentication
* CVE-2026-10907: Out of bounds write in ANGLE
* CVE-2026-10908: Use after free in FullScreen
* CVE-2026-10909: Use after free in Dawn
* CVE-2026-10910: Type Confusion in V8
* CVE-2026-10911: Insufficient validation of untrusted input in Media
* CVE-2026-10912: Insufficient validation of untrusted input in Extensions
* CVE-2026-10913: Use after free in ANGLE
* CVE-2026-10914: Use after free in ANGLE
* CVE-2026-10915: Use after free in Core
* CVE-2026-10916: Insufficient validation of untrusted input in DevTools
* CVE-2026-10917: Insufficient validation of untrusted input in Media
* CVE-2026-10918: Use after free in Viz
* CVE-2026-10919: Use after free in ANGLE
* CVE-2026-10920: Insufficient validation of untrusted input in WebShare
* CVE-2026-10921: Integer overflow in Dawn
* CVE-2026-10922: Insufficient validation of untrusted input in DevTools
* CVE-2026-10923: Use after free in WebAppInstalls
* CVE-2026-10924: Integer overflow in Chromecast
* CVE-2026-10925: Out of bounds write in Skia
* CVE-2026-10926: Use after free in Cast
* CVE-2026-10927: Out of bounds read in Dawn
* CVE-2026-10928: Script injection in Headless
* CVE-2026-10929: Heap buffer overflow in ANGLE
* CVE-2026-10930: Out of bounds read in ANGLE
* CVE-2026-10931: Use after free in FileSystem
* CVE-2026-10932: Use after free in UI
* CVE-2026-10933: Use after free in Audio
* CVE-2026-10934: Use after free in Autofill
* CVE-2026-10935: Inappropriate implementation in V8
* CVE-2026-10936: Type Confusion in V8
* CVE-2026-10937: Inappropriate implementation in Passwords
* CVE-2026-10938: Insufficient validation of untrusted input in Input
* CVE-2026-10939: Use after free in WebRTC
* CVE-2026-10940: Race in Codecs
* CVE-2026-10941: Out of bounds memory access in Skia
* CVE-2026-10942: Insufficient validation of untrusted input in UI
* CVE-2026-10943: Use after free in WebRTC
* CVE-2026-10944: Insufficient policy enforcement in Autofill
* CVE-2026-10945: Use after free in PDF
* CVE-2026-10946: Heap buffer overflow in Media
* CVE-2026-10947: Use after free in WebRTC
* CVE-2026-10948: Use after free in WebRTC
* CVE-2026-10949: Heap buffer overflow in Video
* CVE-2026-10950: Insufficient policy enforcement in Autofill
* CVE-2026-10951: Use after free in Autofill
* CVE-2026-10952: Use after free in Chrome for iOS
* CVE-2026-10953: Use after free in Core
* CVE-2026-10954: Use after free in Actor
* CVE-2026-10955: Type Confusion in ANGLE
* CVE-2026-10956: Use after free in MimeHandlerView
* CVE-2026-10957: Use after free in Glic
* CVE-2026-10958: Use after free in Chrome for iOS
* CVE-2026-10959: Use after free in Input
* CVE-2026-10960: Uninitialized Use in Codecs
* CVE-2026-10961: Use after free in Chrome for iOS
* CVE-2026-10962: Type Confusion in Media
* CVE-2026-10963: Integer overflow in V8
* CVE-2026-10964: Integer overflow in V8
* CVE-2026-10965: Integer overflow in DevTools
* CVE-2026-10966: Insufficient validation of untrusted input in Codecs
* CVE-2026-10967: Use after free in SurfaceCapture
* CVE-2026-10968: Insufficient validation of untrusted input in Dawn
* CVE-2026-10969: Insufficient validation of untrusted input in Extensions
* CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups
* CVE-2026-10971: Insufficient validation of untrusted input in Printing
* CVE-2026-10972: Use after free in Ozone
* CVE-2026-10973: Uninitialized Use in Dawn
* CVE-2026-10974: Insufficient validation of untrusted input in ANGLE
* CVE-2026-10975: Use after free in WebRTC
* CVE-2026-10976: Uninitialized Use in Dawn
* CVE-2026-10977: Uninitialized Use in Skia
* CVE-2026-10978: Use after free in Chromoting
* CVE-2026-10979: Out of bounds read in ANGLE
* CVE-2026-10980: Insufficient validation of untrusted input in DevTools
* CVE-2026-10981: Insufficient validation of untrusted input in Codecs
* CVE-2026-10982: Use after free in WebXR
* CVE-2026-10983: Insufficient validation of untrusted input in Dawn
* CVE-2026-10984: Inappropriate implementation in Accessibility
* CVE-2026-10985: Out of bounds read in Skia
* CVE-2026-10986: Integer overflow in Media
* CVE-2026-10987: Integer overflow in V8
* CVE-2026-10988: Use after free in Views
* CVE-2026-10989: Inappropriate implementation in V8
* CVE-2026-10990: Use after free in Glic
* CVE-2026-10991: Use after free in V8
* CVE-2026-10992: Insufficient data validation in Animation
* CVE-2026-10993: Heap buffer overflow in Skia
* CVE-2026-10994: Uninitialized Use in ANGLE
* CVE-2026-10995: Heap buffer overflow in TabStrip
* CVE-2026-10996: Inappropriate implementation in Workers
* CVE-2026-10997: Insufficient policy enforcement in Extensions
* CVE-2026-10998: Out of bounds read in Media
* CVE-2026-10999: Out of bounds memory access in ANGLE
* CVE-2026-11000: Use after free in Fonts
* CVE-2026-11001: Incorrect security UI in Payments
* CVE-2026-11002: Use after free in Autofill
* CVE-2026-11003: Use after free in WebRTC
* CVE-2026-11004: Out of bounds read in ANGLE
* CVE-2026-11005: Out of bounds read in ANGLE
* CVE-2026-11006: Out of bounds read in Dawn
* CVE-2026-11007: Insufficient validation of untrusted input in WebView
* CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-11009: Use after free in USB
* CVE-2026-11010: Use after free in WebShare
* CVE-2026-11011: Insufficient policy enforcement in Password Manager
* CVE-2026-11012: Use after free in Serial
* CVE-2026-11013: Insufficient validation of untrusted input in Network
* CVE-2026-11014: Insufficient policy enforcement in Extensions
* CVE-2026-11015: Out of bounds read in WebGPU
* CVE-2026-11016: Insufficient validation of untrusted input in Network
* CVE-2026-11017: Inappropriate implementation in Link Preview
* CVE-2026-11018: Insufficient policy enforcement in Actor
* CVE-2026-11019: Inappropriate implementation in Payments
* CVE-2026-11020: Inappropriate implementation in Extensions
* CVE-2026-11021: Insufficient validation of untrusted input in GPU
* CVE-2026-11022: Insufficient validation of untrusted input in DevTools
* CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-11024: Stack buffer overflow in Skia
* CVE-2026-11025: Insufficient policy enforcement in Navigation
* CVE-2026-11026: Insufficient policy enforcement in Extensions
* CVE-2026-11027: Insufficient validation of untrusted input in Glic
* CVE-2026-11028: Use after free in Media
* CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop
* CVE-2026-11030: Use after free in Network
* CVE-2026-11031: Insufficient validation of untrusted input in Password Manager
* CVE-2026-11032: Insufficient data validation in Password Manager
* CVE-2026-11033: Uninitialized Use in WebML
* CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync
* CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs
* CVE-2026-11036: Inappropriate implementation in DOM
* CVE-2026-11037: Out of bounds write in Codecs
* CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity
* CVE-2026-11039: Uninitialized Use in Skia
* CVE-2026-11040: Use after free in ANGLE
* CVE-2026-11041: Insufficient validation of untrusted input in Media
* CVE-2026-11042: Use after free in Views
* CVE-2026-11043: Out of bounds write in ANGLE
* CVE-2026-11044: Integer overflow in ANGLE
* CVE-2026-11045: Insufficient validation of untrusted input in GPU
* CVE-2026-11046: Insufficient validation of untrusted input in Media
* CVE-2026-11047: Insufficient validation of untrusted input in Base
* CVE-2026-11048: Inappropriate implementation in Extensions
* CVE-2026-11049: Use after free in Password Manager
* CVE-2026-11050: Use after free in V8
* CVE-2026-11051: Out of bounds read in ANGLE
* CVE-2026-11052: Type Confusion in GPU
* CVE-2026-11053: VULNERABILITY in WebRTC
* CVE-2026-11054: Use after free in WebRTC
* CVE-2026-11055: Use after free in ANGLE
* CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation
* CVE-2026-11057: Uninitialized Use in Skia
* CVE-2026-11058: Integer overflow in CredentialProvider
* CVE-2026-11059: Use after free in Blink
* CVE-2026-11060: Use after free in Media
* CVE-2026-11061: Out of bounds read in ANGLE
* CVE-2026-11062: Insufficient policy enforcement in Extensions
* CVE-2026-11063: Insufficient validation of untrusted input in WebNN
* CVE-2026-11064: Uninitialized Use in GPU
* CVE-2026-11065: Use after free in ANGLE
* CVE-2026-11066: Insufficient validation of untrusted input in ANGLE
* CVE-2026-11067: Uninitialized Use in Dawn
* CVE-2026-11068: Use after free in WebSockets
* CVE-2026-11069: Insufficient validation of untrusted input in Cast
* CVE-2026-11070: Insufficient validation of untrusted input in Chromoting
* CVE-2026-11071: Use after free in Base
* CVE-2026-11072: Use after free in WebView
* CVE-2026-11073: Use after free in WebGL
* CVE-2026-11074: Use after free in WebRTC
* CVE-2026-11075: Out of bounds read in V8
* CVE-2026-11076: Type Confusion in CSS
* CVE-2026-11077: Out of bounds read in Dawn
* CVE-2026-11078: Insufficient validation of untrusted input in FileSystem
* CVE-2026-11079: Insufficient validation of untrusted input in Codecs
* CVE-2026-11080: Use after free in WebView
* CVE-2026-11081: Policy bypass in Canvas
* CVE-2026-11082: Use after free in GPU
* CVE-2026-11083: Inappropriate implementation in Password Manager
* CVE-2026-11084: Inappropriate implementation in Password Manager
* CVE-2026-11085: Integer overflow in GPU
* CVE-2026-11086: Insufficient validation of untrusted input in Dawn
* CVE-2026-11087: Uninitialized Use in ANGLE
* CVE-2026-11088: Integer overflow in ANGLE
* CVE-2026-11089: Uninitialized Use in Media
* CVE-2026-11090: Uninitialized Use in ANGLE
* CVE-2026-11091: Inappropriate implementation in Dawn
* CVE-2026-11092: Insufficient policy enforcement in DevTools
* CVE-2026-11093: Insufficient validation of untrusted input in Printing
* CVE-2026-11094: Use after free in Codecs
* CVE-2026-11095: Insufficient validation of untrusted input in Codecs
* CVE-2026-11096: Out of bounds read in WebRTC
* CVE-2026-11097: Inappropriate implementation in WebView
* CVE-2026-11098: Insufficient validation of untrusted input in GPU
* CVE-2026-11099: Vulnerability in Skia
* CVE-2026-11100: Use after free in File Input
* CVE-2026-11101: Uninitialized Use in Dawn
* CVE-2026-11102: Inappropriate implementation in Isolated Web Apps
* CVE-2026-11103: Inappropriate implementation in Installer
* CVE-2026-11104: Uninitialized Use in ANGLE
* CVE-2026-11105: Insufficient validation of untrusted input in WebUI
* CVE-2026-11106: Inappropriate implementation in Media
* CVE-2026-11107: Inappropriate implementation in Downloads
* CVE-2026-11108: Inappropriate implementation in NFC
* CVE-2026-11109: Uninitialized Use in ANGLE
* CVE-2026-11110: Uninitialized Use in ANGLE
* CVE-2026-11111: Out of bounds read in ANGLE
* CVE-2026-11112: Insufficient validation of untrusted input in Chromoting
* CVE-2026-11113: Insufficient validation of untrusted input in ANGLE
* CVE-2026-11114: Use after free in Device Trust
* CVE-2026-11115: Use after free in Updater
* CVE-2026-11116: Use after free in Chromoting
* CVE-2026-11117: Use after free in Views
* CVE-2026-11118: Use after free in WebRTC
* CVE-2026-11119: Insufficient validation of untrusted input in GPU
* CVE-2026-11120: Insufficient validation of untrusted input in Enterprise Reporting
* CVE-2026-11121: Insufficient validation of untrusted input in Skia
* CVE-2026-11122: Inappropriate implementation in Keyboard
* CVE-2026-11123: Uninitialized Use in ANGLE
* CVE-2026-11124: Heap buffer overflow in Skia
* CVE-2026-11125: Use after free in Compositing
* CVE-2026-11126: Insufficient validation of untrusted input in DevTools
* CVE-2026-11127: Inappropriate implementation in WebAPKs
* CVE-2026-11128: Insufficient validation of untrusted input in Web Share
* CVE-2026-11129: Inappropriate implementation in Extensions
* CVE-2026-11130: Use after free in Media
* CVE-2026-11131: Use after free in Autofill
* CVE-2026-11132: Policy bypass in Paint
* CVE-2026-11133: Insufficient policy enforcement in Paint
* CVE-2026-11134: Insufficient data validation in Media
* CVE-2026-11135: Insufficient policy enforcement in Autofill
* CVE-2026-11136: Use after free in Canvas
* CVE-2026-11137: Uninitialized Use in ANGLE
* CVE-2026-11138: Uninitialized Use in ANGLE
* CVE-2026-11139: Policy bypass in Paint
* CVE-2026-11140: Insufficient validation of untrusted input in Chromecast
* CVE-2026-11141: Uninitialized Use in Audio
* CVE-2026-11142: Policy bypass in Paint
* CVE-2026-11143: Heap buffer overflow in Extensions
* CVE-2026-11144: Use after free in Media
* CVE-2026-11145: Race in Geolocation
* CVE-2026-11146: Insufficient validation of untrusted input in Chromoting
* CVE-2026-11147: Use after free in WebML
* CVE-2026-11148: Inappropriate implementation in Payments
* CVE-2026-11149: Insufficient validation of untrusted input in Extensions
* CVE-2026-11150: Inappropriate implementation in XML
* CVE-2026-11151: Insufficient validation of untrusted input in Password Manager
* CVE-2026-11152: Object lifecycle issue in Dawn
* CVE-2026-11153: Side-channel information leakage in Forms
* CVE-2026-11154: Use after free in Dawn
* CVE-2026-11155: Insufficient policy enforcement in CSS
* CVE-2026-11156: Inappropriate implementation in CSS
* CVE-2026-11157: Script injection in Accessibility
* CVE-2026-11158: Insufficient validation of untrusted input in Downloads
* CVE-2026-11159: Uninitialized Use in Skia
* CVE-2026-11160: Out of bounds read in Input
* CVE-2026-11161: Insufficient data validation in DataTransfer
* CVE-2026-11162: Insufficient policy enforcement in CSS
* CVE-2026-11163: Use after free in Messages
* CVE-2026-11164: Use after free in Blink
* CVE-2026-11165: Use after free in WebMIDI
* CVE-2026-11166: Inappropriate implementation in SVG
* CVE-2026-11167: Inappropriate implementation in WebView
* CVE-2026-11168: Insufficient policy enforcement in Extensions
* CVE-2026-11169: Inappropriate implementation in XML
* CVE-2026-11170: Inappropriate implementation in Chromoting
* CVE-2026-11171: Integer overflow in Blink
* CVE-2026-11172: Incorrect security UI in Contact Picker
* CVE-2026-11173: Out of bounds write in V8
* CVE-2026-11174: Insufficient policy enforcement in Site Isolation
* CVE-2026-11175: Incorrect security UI in Messages
* CVE-2026-11176: Inappropriate implementation in Media
* CVE-2026-11177: Use after free in Omnibox
* CVE-2026-11178: Policy bypass in WebView
* CVE-2026-11179: Inappropriate implementation in ORB
* CVE-2026-11180: Policy bypass in SVG
* CVE-2026-11181: Inappropriate implementation in Media Session
* CVE-2026-11182: Inappropriate implementation in SVG
* CVE-2026-11183: Out of bounds read in GWP-ASan
* CVE-2026-11184: Insufficient policy enforcement in Actor
* CVE-2026-11185: Use after free in V8
* CVE-2026-11186: Inappropriate implementation in CSS
* CVE-2026-11187: Insufficient policy enforcement in Glic
* CVE-2026-11188: Use after free in USB
* CVE-2026-11189: Insufficient validation of untrusted input in DevTools
* CVE-2026-11190: Insufficient policy enforcement in Extensions
* CVE-2026-11191: Out of bounds memory access in ANGLE
* CVE-2026-11192: Insufficient validation of untrusted input in Password Manager
* CVE-2026-11193: Insufficient policy enforcement in Password Manager
* CVE-2026-11194: Inappropriate implementation in Network
* CVE-2026-11195: Inappropriate implementation in MHTML
* CVE-2026-11196: Type Confusion in XML
* CVE-2026-11197: Insufficient policy enforcement in Workers
* CVE-2026-11198: Insufficient validation of untrusted input in Codecs
* CVE-2026-11199: Insufficient validation of untrusted input in WebRTC
* CVE-2026-11200: Inappropriate implementation in WebRTC
* CVE-2026-11201: Use after free in ServiceWorker
* CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-11203: Policy bypass in GPU
* CVE-2026-11204: Inappropriate implementation in Signin
* CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-11206: Policy bypass in ServiceWorker
* CVE-2026-11207: Insufficient validation of untrusted input in Autofill
* CVE-2026-11208: Use after free in Codecs
* CVE-2026-11209: Insufficient policy enforcement in Passwords
* CVE-2026-11210: Insufficient policy enforcement in Safe Browsing
* CVE-2026-11211: Integer overflow in V8
* CVE-2026-11212: Insufficient policy enforcement in DevTools
* CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode
* CVE-2026-11214: Inappropriate implementation in Chrome for iOS
* CVE-2026-11215: Inappropriate implementation in Cronet
* CVE-2026-11216: Incorrect security UI in File Input
* CVE-2026-11217: Insufficient policy enforcement in Fenced Frames
* CVE-2026-11218: Inappropriate implementation in PlatformIntegration
* CVE-2026-11219: Insufficient data validation in Navigation
* CVE-2026-11220: Insufficient validation of untrusted input in Navigation
* CVE-2026-11221: Insufficient validation of untrusted input in PointerLock
* CVE-2026-11222: Incorrect security UI in Tab Strip
* CVE-2026-11223: Insufficient validation of untrusted input in Network
* CVE-2026-11224: Use after free in Chromoting
* CVE-2026-11225: Incorrect security UI in WebUI
* CVE-2026-11226: Insufficient policy enforcement in PreviewTab
* CVE-2026-11227: Incorrect security UI in Tab Hover Cards
* CVE-2026-11228: Incorrect security UI in File Input
* CVE-2026-11229: Insufficient policy enforcement in Enterprise
* CVE-2026-11230: Use after free in Extensions
* CVE-2026-11231: Inappropriate implementation in Safe Browsing
* CVE-2026-11232: Inappropriate implementation in TabGroups
* CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs
* CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs
* CVE-2026-11235: Insufficient validation of untrusted input in Compositing
* CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth
* CVE-2026-11237: Insufficient validation of untrusted input in Media
* CVE-2026-11238: Inappropriate implementation in DevTools
* CVE-2026-11239: Insufficient validation of untrusted input in Extensions
* CVE-2026-11240: Insufficient validation of untrusted input in Loader
* CVE-2026-11241: Insufficient validation of untrusted input in Cast
* CVE-2026-11242: Insufficient validation of untrusted input in Plugins
* CVE-2026-11243: Incorrect security UI in Downloads
* CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication
* CVE-2026-11245: Inappropriate implementation in Payments
* CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB
* CVE-2026-11247: Insufficient policy enforcement in CustomTabs
* CVE-2026-11248: Policy bypass in Google Lens
* CVE-2026-11249: Use after free in Network
* CVE-2026-11250: Inappropriate implementation in DevTools
* CVE-2026-11251: Insufficient validation of untrusted input in Password Manager
* CVE-2026-11252: Policy bypass in Content Settings
* CVE-2026-11253: Race in Permissions
* CVE-2026-11254: Inappropriate implementation in Permissions
* CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API
* CVE-2026-11256: Out of bounds read in GPU
* CVE-2026-11257: Inappropriate implementation in Browser
* CVE-2026-11258: Inappropriate implementation in File System Access
* CVE-2026-11259: Insufficient validation of untrusted input in Cast
* CVE-2026-11260: Policy bypass in Permissions
* CVE-2026-11261: Insufficient validation of untrusted input in PDF
* CVE-2026-11262: Use after free in TabStrip
* CVE-2026-11263: Insufficient policy enforcement in WebAuthentication
* CVE-2026-11264: Policy bypass in Content Security Policy
* CVE-2026-11265: Insufficient data validation in Autofill
* CVE-2026-11266: Policy bypass in SafeBrowsing
* CVE-2026-11267: Insufficient policy enforcement in Extensions
* CVE-2026-11268: Uninitialized Use in ANGLE
* CVE-2026-11269: Inappropriate implementation in Extensions
* CVE-2026-11270: Inappropriate implementation in UI
* CVE-2026-11271: Incorrect security UI in Passwords
* CVE-2026-11272: Insufficient validation of untrusted input in Reading List
* CVE-2026-11273: Insufficient validation of untrusted input in Omnibox
* CVE-2026-11274: Inappropriate implementation in DOM Distiller
* CVE-2026-11275: Insufficient policy enforcement in Page Info
* CVE-2026-11276: Inappropriate implementation in Cast
* CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS
* CVE-2026-11278: Inappropriate implementation in CustomTabs
* CVE-2026-11279: Out of bounds read in DevTools
* CVE-2026-11280: Insufficient validation of untrusted input in Signin
* CVE-2026-11281: Integer overflow in Chromoting
* CVE-2026-11282: Policy bypass in Sandbox
* CVE-2026-11283: Policy bypass in Shortcuts
* CVE-2026-11284: Side-channel information leakage in PerformanceAPIs
* CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS
* CVE-2026-11286: Insufficient validation of untrusted input in Wallet
* CVE-2026-11287: Insufficient validation of untrusted input in Navigation
* CVE-2026-11288: Policy bypass in CSS
* CVE-2026-11289: Side-channel information leakage in Paint
* CVE-2026-11290: Integer overflow in WebView
* CVE-2026-11291: Policy bypass in Android Autofill
* CVE-2026-11292: Policy bypass in Blink
* CVE-2026-11293: Use after free in Input
* CVE-2026-11294: Inappropriate implementation in Passwords
* CVE-2026-11295: Inappropriate implementation in WebView
* CVE-2026-11296: Inappropriate implementation in ImageCapture
* CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode
* CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS
* CVE-2026-11299: Out of bounds read in Fonts
* CVE-2026-11300: Inappropriate implementation in Permissions
* CVE-2026-11301: Out of bounds read in LiveCaption
* CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS
* CVE-2026-11303: Use after free in PDFium
* CVE-2026-11304: Use after free in PDFium
* CVE-2026-11305: Use after free in PDFium
* CVE-2026-11306: Use after free in PDFium
* CVE-2026-11307: Use after free in PDFium
* CVE-2026-11308: Inappropriate implementation in Extensions
* CVE-2026-11309: Insufficient policy enforcement in History
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2483935 - Remove setuid bit from chromium-browser's chrome-sandbox (now relies on namespaces)
https://bugzilla.redhat.com/show_bug.cgi?id=2483935
[ 2 ] Bug #2486052 - CVE-2026-10881 CVE-2026-10882 CVE-2026-10883 CVE-2026-10884 CVE-2026-10885 CVE-2026-10886 CVE-2026-10887 CVE-2026-10888 CVE-2026-10889 CVE-2026-10890 CVE-2026-10891 CVE-2026-10892 CVE-2026-10893 CVE-2026-10894 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486052
[ 3 ] Bug #2487620 - CVE-2026-11628 CVE-2026-11629 CVE-2026-11630 CVE-2026-11631 CVE-2026-11632 CVE-2026-11633 CVE-2026-11634 CVE-2026-11635 CVE-2026-11636 CVE-2026-11637 CVE-2026-11638 CVE-2026-11639 CVE-2026-11640 CVE-2026-11641 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487620
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c5c0986fb6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: apptainer-1.5.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-77b4ea4fb8
2026-06-14 05:02:05.956682+00:00
--------------------------------------------------------------------------------
Name : apptainer
Product : Fedora 43
Version : 1.5.1
Release : 1.fc43
URL : https://apptainer.org
Summary : Application and environment virtualization formerly known as Singularity
Description :
Apptainer provides functionality to make portable
containers that can be used across host environments.
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.5.1. Fixes CVE-2026-48785
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 4 2026 Dave Dykstra [dwd@cern.ch] - 1.5.1
- Update to upstream 1.5.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2484859 - apptainer-1.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484859
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-77b4ea4fb8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: python-django5-5.2.15-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f140cb16b6
2026-06-15 01:10:25.755889+00:00
--------------------------------------------------------------------------------
Name : python-django5
Product : Fedora 43
Version : 5.2.15
Release : 1.fc43
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
Fixes five low-severity CVEs
CVE-2026-6873: Signed cookie salt namespace collision
CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP
backend
CVE-2026-8404: Potential exposure of private data via case-sensitive
Cache-Control directives
CVE-2026-35193: Potential exposure of private data via missing Vary:
Authorization
CVE-2026-48587: Potential exposure of private data via whitespace padding in
Vary header
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 5 2026 Michel Lind [salimma@fedoraproject.org] - 5.2.15-1
- Update to version 5.2.15; Resolves RHBZ#2484354
- Fixes five low-severity CVEs
- CVE-2026-6873: Signed cookie salt namespace collision
- CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in
the SMTP backend
- CVE-2026-8404: Potential exposure of private data via case-sensitive
Cache-Control directives
- CVE-2026-35193: Potential exposure of private data via missing Vary:
Authorization
- CVE-2026-48587: Potential exposure of private data via whitespace padding
in Vary header
* Fri Jun 5 2026 Python Maint - 5.2.14-3
- Rebuilt for Python 3.15
* Thu Jun 4 2026 Python Maint - 5.2.14-2
- Bootstrap for Python 3.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2484354 - python-django5-5.2.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484354
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f140cb16b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: bind9-next-9.21.22-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ec095a4675
2026-06-15 01:10:25.755874+00:00
--------------------------------------------------------------------------------
Name : bind9-next
Product : Fedora 43
Version : 9.21.22
Release : 2.fc43
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.21.22 (rhbz#2480122)
Security Fixes:
Limit resolver server list size. (CVE-2026-3592)
Fix GSS-API resource leak. (CVE-2026-3039)
Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
Avoid unbounded recursion loop. (CVE-2026-5950)
Fix crash in resolver when SIG(0)-signed responses are received under load.
(CVE-2026-5947)
Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS
frames. (CVE-2026-3593)
Fix outgoing zone transfers' quota issue.
Feature Changes:
Fix CPU spikes and slow queries when cache approaches memory limit.
Implement RFC 3645 Section 4.1.1 key expiry check in TKEY.
Reduce memory footprint by actively returning unused memory to the OS.
Multiple bugfixes.
Source:
https://downloads.isc.org/isc/bind9/9.21.22/doc/arm/html/notes.html#notes-for-bind-9-21-22
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 5 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.22-2
- Switch downstream change to upstream for 32b mem check
* Fri Jun 5 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.22-1
- Update to 9.21.22 (rhbz#2480122)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2480122 - bind9-next-9.21.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480122
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ec095a4675' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: python-python-multipart-0.0.32-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2cfc16a621
2026-06-15 01:10:25.755860+00:00
--------------------------------------------------------------------------------
Name : python-python-multipart
Product : Fedora 43
Version : 0.0.32
Release : 1.fc43
URL : https://github.com/Kludex/python-multipart
Summary : A streaming multipart parser for Python
Description :
Python-Multipart is a streaming multipart parser for Python.
--------------------------------------------------------------------------------
Update Information:
0.0.32 (2026-06-04)
Speed up partial-boundary scanning for CR/LF-dense part data.
0.0.31 (2026-06-04)
Speed up multipart header parsing and callback dispatch.
Bound header field name size before validating.
Validate Content-Length is non-negative in parse_form.
Fixes security issues GHSA-v9pg-7xvm-68hf, GHSA-5rvq-cxj2-64vf,
GHSA-6jv3-5f52-599m, and GHSA-vffw-93wf-4j4q.
0.0.30 (2026-05-31)
Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard,
treating only & as a field separator.
Ignore RFC 2231/5987 extended parameters (name*, filename*) in
parse_options_header, keeping the plain parameter authoritative per RFC 7578
§4.2.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 5 2026 Packit [hello@packit.dev] - 0.0.32-1
- Update to 0.0.32 upstream release
- Resolves: rhbz#2484846
* Thu Jun 4 2026 Packit [hello@packit.dev] - 0.0.31-1
- Update to 0.0.31 upstream release
- Resolves: rhbz#2484715
* Mon Jun 1 2026 Packit [hello@packit.dev] - 0.0.30-1
- Update to 0.0.30 upstream release
- Resolves: rhbz#2483639
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2483639 - python-python-multipart-0.0.30 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483639
[ 2 ] Bug #2484715 - python-python-multipart-0.0.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484715
[ 3 ] Bug #2484846 - python-python-multipart-0.0.32 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484846
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2cfc16a621' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: gh-2.94.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f07b3548d4
2026-06-15 00:48:35.285184+00:00
--------------------------------------------------------------------------------
Name : gh
Product : Fedora 44
Version : 2.94.0
Release : 1.fc44
URL : https://github.com/cli/cli
Summary : GitHub's official command line tool
Description :
A command-line interface to GitHub for use in your terminal or your scripts.
gh is a tool designed to enhance your workflow when working with GitHub. It
provides a seamless way to interact with GitHub repositories and perform various
actions right from the command line, eliminating the need to switch between your
terminal and the GitHub website.
--------------------------------------------------------------------------------
Update Information:
Update to 2.94.0
Update to 2.93.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 11 2026 Packit [hello@packit.dev] - 2.94.0-1
- Update to 2.94.0 upstream release
- Resolves: rhbz#2487830
* Thu May 28 2026 Maxwell G [maxwell@gtmx.me] - 2.93.0-1
- Update to 2.93.0. Fixes rhbz#2482337.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2483739 - CVE-2026-45803 gh: GitHub CLI: Arbitrary command execution via terminal escape sequence injection in workflow logs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483739
[ 2 ] Bug #2486218 - CVE-2026-45287 gh: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486218
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f07b3548d4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: dnsdist-2.0.6-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-51cdd1292b
2026-06-15 00:48:35.285145+00:00
--------------------------------------------------------------------------------
Name : dnsdist
Product : Fedora 44
Version : 2.0.6
Release : 1.fc44
URL : https://dnsdist.org
Summary : Highly DNS-, DoS- and abuse-aware loadbalancer
Description :
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life
is to route traffic to the best server, delivering top performance to
legitimate users while shunting or blocking abusive traffic.
--------------------------------------------------------------------------------
Update Information:
Bug Fixes:
CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3
connections, causing unlimited memory allocation in DNSdist and leading to a
denial of service. DoQ and DoH3 are disabled by default
CVE-2026-33257: An attacker can send a web request that causes unlimited memory
allocation in the internal web server, leading to a denial of service. The web
server is disabled and restricted by an ACL by default
CVE-2026-33260: An attacker can send a web request that causes unlimited memory
allocation in the internal web server, leading to a denial of service. The web
server is disabled and restricted by an ACL by default
CVE-2026-33593: A client can trigger a divide by zero error leading to a crash by
sending a crafted DNSCrypt query
CVE-2026-33595: A client can trigger excessive memory allocation by generating a
lot of error responses over a single DoQ and DoH3 connection, as some resources
were not properly released until the end of the connection. DoQ and DoH3 are
disabled by default
CVE-2026-33596: A client might theoretically be able to cause a mismatch between
queries sent to a backend and the received responses by sending a flood of
perfectly timed queries that are routed to a TCP-only or DNS over TLS backend
CVE-2026-33597: A crafted query containing an invalid DNS label can prevent the
PRSD detection algorithm executed via DynBlockRulesGroup:setSuffixMatchRule or
DynBlockRulesGroup:setSuffixMatchRuleFFI from being executed
CVE-2026-33598: A cached crafted response can cause an out-of-bounds read if
custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a
packet cache
CVE-2026-33599: A rogue backend can send a crafted SVCB response to a Discovery
of Designated Resolvers request, when requested via either the autoUpgrade (Lua)
option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled
by default
CVE-2026-33602: A rogue backend can send a crafted UDP response with a query ID
off by one related to the maximum configured value, triggering an out-of-bounds
write leading to a denial of service
CVE-2026-33594: A client can trigger excessive memory allocation by generating a
lot of queries that are routed to an overloaded DoH backend, causing queries to
accumulate into a buffer that will not be released until the end of the
connection. Outgoing DoH is disabled by default
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 5 2026 Filipe Rosset [rosset.filipe@gmail.com] - 2.0.6-1
- update to 2.0.6 fixes rhbz#2460540
* Fri May 29 2026 Miroslav Suchý [msuchy@redhat.com] - 2.0.3-2
- rebuild for https://fedoraproject.org/wiki/Changes/Protobuf_5.x/6.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2460830 - CVE-2026-33260 dnsdist: insufficient input validation of internal webserver [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460830
[ 2 ] Bug #2460831 - CVE-2026-33260 dnsdist: insufficient input validation of internal webserver [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460831
[ 3 ] Bug #2460832 - CVE-2026-33257 dnsdist: insufficient input validation of internal webserver [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460832
[ 4 ] Bug #2460833 - CVE-2026-33257 dnsdist: insufficient input validation of internal webserver [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460833
[ 5 ] Bug #2460834 - CVE-2026-33596 dnsdist: TCP backend stream ID overflow [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460834
[ 6 ] Bug #2460835 - CVE-2026-33596 dnsdist: TCP backend stream ID overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460835
[ 7 ] Bug #2460836 - CVE-2026-33599 dnsdist: out-of-bounds read in service discovery [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460836
[ 8 ] Bug #2460837 - CVE-2026-33599 dnsdist: out-of-bounds read in service discovery [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460837
[ 9 ] Bug #2460838 - CVE-2026-33597 dnsdist: insufficient input validation of internal webserver [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460838
[ 10 ] Bug #2460839 - CVE-2026-33597 dnsdist: insufficient input validation of internal webserver [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460839
[ 11 ] Bug #2460840 - CVE-2026-33595 dnsdist: DoQ/DoH3 excessive memory allocation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460840
[ 12 ] Bug #2460841 - CVE-2026-33595 dnsdist: DoQ/DoH3 excessive memory allocation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460841
[ 13 ] Bug #2460842 - CVE-2026-33594 dnsdist: outgoing DoH excessive memory allocation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460842
[ 14 ] Bug #2460843 - CVE-2026-33594 dnsdist: outgoing DoH excessive memory allocation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460843
[ 15 ] Bug #2460844 - CVE-2026-33602 dnsdist: off-by-one access when processing crafted UDP responses [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460844
[ 16 ] Bug #2460845 - CVE-2026-33602 dnsdist: off-by-one access when processing crafted UDP responses [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460845
[ 17 ] Bug #2460846 - CVE-2026-33254 dnsdist: resource exhaustion via DoQ/DoH3 connections [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460846
[ 18 ] Bug #2460847 - CVE-2026-33254 dnsdist: resource exhaustion via DoQ/DoH3 connections [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460847
[ 19 ] Bug #2460848 - CVE-2026-33598 dnsdist: out-of-bounds read in cache inspection via Lua [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460848
[ 20 ] Bug #2460849 - CVE-2026-33598 dnsdist: out-of-bounds read in cache inspection via Lua [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460849
[ 21 ] Bug #2460851 - CVE-2026-33593 dnsdist: denial of service via crafted DNSCrypt query [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460851
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-51cdd1292b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: python-django5-5.2.15-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e4146022ce
2026-06-15 00:48:35.285131+00:00
--------------------------------------------------------------------------------
Name : python-django5
Product : Fedora 44
Version : 5.2.15
Release : 1.fc44
URL : https://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
Fixes five low-severity CVEs
CVE-2026-6873: Signed cookie salt namespace collision
CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP
backend
CVE-2026-8404: Potential exposure of private data via case-sensitive
Cache-Control directives
CVE-2026-35193: Potential exposure of private data via missing Vary:
Authorization
CVE-2026-48587: Potential exposure of private data via whitespace padding in
Vary header
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 5 2026 Michel Lind [salimma@fedoraproject.org] - 5.2.15-1
- Update to version 5.2.15; Resolves RHBZ#2484354
- Fixes five low-severity CVEs
- CVE-2026-6873: Signed cookie salt namespace collision
- CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in
the SMTP backend
- CVE-2026-8404: Potential exposure of private data via case-sensitive
Cache-Control directives
- CVE-2026-35193: Potential exposure of private data via missing Vary:
Authorization
- CVE-2026-48587: Potential exposure of private data via whitespace padding
in Vary header
* Fri Jun 5 2026 Python Maint - 5.2.14-3
- Rebuilt for Python 3.15
* Thu Jun 4 2026 Python Maint - 5.2.14-2
- Bootstrap for Python 3.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2484354 - python-django5-5.2.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484354
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e4146022ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: bind9-next-9.21.22-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dbb0776ac5
2026-06-15 00:48:35.285092+00:00
--------------------------------------------------------------------------------
Name : bind9-next
Product : Fedora 44
Version : 9.21.22
Release : 2.fc44
URL : https://www.isc.org/downloads/bind/
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
--------------------------------------------------------------------------------
Update Information:
Update to 9.21.22 (rhbz#2480122)
Security Fixes:
Limit resolver server list size. (CVE-2026-3592)
Fix GSS-API resource leak. (CVE-2026-3039)
Disable recursion, UPDATE, and NOTIFY for non-IN views. (CVE-2026-5946)
Avoid unbounded recursion loop. (CVE-2026-5950)
Fix crash in resolver when SIG(0)-signed responses are received under load.
(CVE-2026-5947)
Fix use-after-free error in DNS-over-HTTPS when processing HTTP/2 SETTINGS
frames. (CVE-2026-3593)
Fix outgoing zone transfers' quota issue.
Feature Changes:
Fix CPU spikes and slow queries when cache approaches memory limit.
Implement RFC 3645 Section 4.1.1 key expiry check in TKEY.
Reduce memory footprint by actively returning unused memory to the OS.
Multiple bugfixes.
Source:
https://downloads.isc.org/isc/bind9/9.21.22/doc/arm/html/notes.html#notes-for-bind-9-21-22
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 3 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.22-2
- Switch downstream change to upstream for 32b mem check
* Wed Jun 3 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.22-1
- Update to 9.21.22 (rhbz#2480122)
* Tue May 5 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.21-7
- Fix build with openssl4 (rhbz#2463851)
* Tue May 5 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.21-6
- Remove unused forgotten files
* Thu Apr 30 2026 Petr Menšík [pemensik@redhat.com] - 32:9.21.21-5
- Stop publishing rwtab.d/named
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2480122 - bind9-next-9.21.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480122
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dbb0776ac5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: python-python-multipart-0.0.32-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-104e079187
2026-06-15 00:48:35.285087+00:00
--------------------------------------------------------------------------------
Name : python-python-multipart
Product : Fedora 44
Version : 0.0.32
Release : 1.fc44
URL : https://github.com/Kludex/python-multipart
Summary : A streaming multipart parser for Python
Description :
Python-Multipart is a streaming multipart parser for Python.
--------------------------------------------------------------------------------
Update Information:
0.0.32 (2026-06-04)
Speed up partial-boundary scanning for CR/LF-dense part data.
0.0.31 (2026-06-04)
Speed up multipart header parsing and callback dispatch.
Bound header field name size before validating.
Validate Content-Length is non-negative in parse_form.
Fixes security issues GHSA-v9pg-7xvm-68hf, GHSA-5rvq-cxj2-64vf,
GHSA-6jv3-5f52-599m, and GHSA-vffw-93wf-4j4q.
0.0.30 (2026-05-31)
Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard,
treating only & as a field separator.
Ignore RFC 2231/5987 extended parameters (name*, filename*) in
parse_options_header, keeping the plain parameter authoritative per RFC 7578
§4.2.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 4 2026 Packit [hello@packit.dev] - 0.0.32-1
- Update to 0.0.32 upstream release
- Resolves: rhbz#2484846
* Thu Jun 4 2026 Packit [hello@packit.dev] - 0.0.31-1
- Update to 0.0.31 upstream release
- Resolves: rhbz#2484715
* Wed Jun 3 2026 Python Maint - 0.0.30-3
- Rebuilt for Python 3.15
* Sun May 31 2026 Packit [hello@packit.dev] - 0.0.30-1
- Update to 0.0.30 upstream release
- Resolves: rhbz#2483639
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2483639 - python-python-multipart-0.0.30 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483639
[ 2 ] Bug #2484715 - python-python-multipart-0.0.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484715
[ 3 ] Bug #2484846 - python-python-multipart-0.0.32 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484846
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-104e079187' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------