
Fedora has released several security updates for versions 42 and 43. The chromium update fixes a heap buffer overflow in libvpx and a type confusion in V8, which could lead to arbitrary code execution or heap corruption via crafted HTML pages. The gnutls update addresses two CVEs: one that allows remote denial of service via a crafted ClientHello with an invalid PSK binder, and a name constraint processing performance issue.

Fedora 42 Update: chromium-144.0.7559.132-1.fc42
Fedora 42 Update: osslsigncode-2.12-1.fc42
Fedora 43 Update: p11-kit-0.26.2-1.fc43
Fedora 43 Update: gnutls-3.8.12-1.fc43
Fedora 43 Update: osslsigncode-2.12-1.fc43




[SECURITY] Fedora 42 Update: chromium-144.0.7559.132-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e900558e56
2026-02-12 01:09:28.578821+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 144.0.7559.132
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 144.0.7559.132
* CVE-2026-1861: Heap buffer overflow in libvpx
* CVE-2026-1862: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 5 2026 Than Ngo [than@redhat.com] - 144.0.7559.132-1
- Update to 144.0.7559.132
* CVE-2026-1861: Heap buffer overflow in libvpx
* CVE-2026-1862: Type Confusion in V8
- Add BR on esbuild
- Disable devtool bundle
- Update scripts for downloading the source
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2436627 - CVE-2026-1861 chromium: Chromium: Arbitrary code execution via crafted HTML page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2436627
[ 2 ] Bug #2436628 - CVE-2026-1861 chromium: Chromium: Arbitrary code execution via crafted HTML page [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2436628
[ 3 ] Bug #2436629 - CVE-2026-1862 chromium: Chromium: Remote heap corruption via crafted HTML page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2436629
[ 4 ] Bug #2436630 - CVE-2026-1862 chromium: Chromium: Remote heap corruption via crafted HTML page [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2436630
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e900558e56' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: osslsigncode-2.12-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ab67a4d8b3
2026-02-12 01:09:28.578783+00:00
--------------------------------------------------------------------------------

Name : osslsigncode
Product : Fedora 42
Version : 2.12
Release : 1.fc42
URL : https://github.com/mtrojnar/osslsigncode
Summary : OpenSSL-based Authenticode signing for PE, CAB, CAT, MSI, APPX
Description :
osslsigncode is a small tool that implements part of the functionality of the
Microsoft tool signtool.exe - more exactly the Authenticode signing and
timestamping. But osslsigncode is based on OpenSSL and cURL, and thus should be
able to compile on most platforms where these exist.

--------------------------------------------------------------------------------
Update Information:

See commit history
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 2 2026 Packit [hello@packit.dev] - 2.12-1
- Update to 2.12 upstream release
- Resolves: rhbz#2436077
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2436077 - osslsigncode-2.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436077
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ab67a4d8b3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: p11-kit-0.26.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f1fabb2a49
2026-02-12 00:51:45.032410+00:00
--------------------------------------------------------------------------------

Name : p11-kit
Product : Fedora 43
Version : 0.26.2
Release : 1.fc43
URL : http://p11-glue.freedesktop.org/p11-kit.html
Summary : Library for loading and sharing PKCS#11 modules
Description :
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
as a standard configuration setup for installing PKCS#11 modules in
such a way that they're discoverable.

--------------------------------------------------------------------------------
Update Information:

Notable changes from the rebase:
* pkcs11: Update PKCS11 headers to version 3.2
* rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters
(CVE-2026-2100)
* trust: Lookup DNs in reverse order (RFC4514 section 2.1)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 10 2026 Packit [hello@packit.dev] - 0.26.2-1
- Update to 0.26.2 upstream release
- Resolves: rhbz#2394340
* Tue Feb 10 2026 Zoltan Fridrich [zfridric@redhat.com] - 0.25.8-3
- Migrate STI tests to TMT
* Tue Feb 10 2026 Zoltan Fridrich [zfridric@redhat.com] - 0.25.8-2
- Fix test trust-anchor-complains-about-invalid-attribute-and
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2383011 - p11-kit: STI tests will no longer be run in F43
https://bugzilla.redhat.com/show_bug.cgi?id=2383011
[ 2 ] Bug #2394340 - p11-kit-0.26.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2394340
[ 3 ] Bug #2437309 - CVE-2026-2100 p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2437309
[ 4 ] Bug #2437310 - CVE-2026-2100 p11-kit: p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437310
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f1fabb2a49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: gnutls-3.8.12-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ef7170c9f6
2026-02-12 00:51:45.032412+00:00
--------------------------------------------------------------------------------

Name : gnutls
Product : Fedora 43
Version : 3.8.12
Release : 1.fc43
URL : http://www.gnutls.org/
Summary : A TLS protocol implementation
Description :
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.

--------------------------------------------------------------------------------
Update Information:

This fixes a couple CVEs:
** libgnutls: Fix NULL pointer dereference in PSK binder verification
A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello
could lead to a denial of service attack via crashing the server. The updated
code guards against the problematic dereference. Reported by Jaehun Lee.
[Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]
** libgnutls: Fix name constraint processing performance issue
Verifying certificates with pathological amounts of name constraints could lead
to a denial of service attack via resource exhaustion. Reworked processing
algorithms exhibit better performance characteristics. Reported by Tim
Scheckenbach.
[Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 10 2026 Alexander Sosedkin [asosedkin@redhat.com] - 3.8.12-1
- Update to 3.8.12 upstream release
- Resolves: rhbz#2438001
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2437987 - CVE-2025-14831 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437987
[ 2 ] Bug #2437989 - CVE-2026-1584 gnutls: gnutls: Remote Denial of Service via crafted ClientHello with invalid PSK binder [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437989
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ef7170c9f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: osslsigncode-2.12-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3c6cc85b52
2026-02-12 00:51:45.032320+00:00
--------------------------------------------------------------------------------

Name : osslsigncode
Product : Fedora 43
Version : 2.12
Release : 1.fc43
URL : https://github.com/mtrojnar/osslsigncode
Summary : OpenSSL-based Authenticode signing for PE, CAB, CAT, MSI, APPX
Description :
osslsigncode is a small tool that implements part of the functionality of the
Microsoft tool signtool.exe - more exactly the Authenticode signing and
timestamping. But osslsigncode is based on OpenSSL and cURL, and thus should be
able to compile on most platforms where these exist.

--------------------------------------------------------------------------------
Update Information:

See commit history
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 2 2026 Packit [hello@packit.dev] - 2.12-1
- Update to 2.12 upstream release
- Resolves: rhbz#2436077
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2436077 - osslsigncode-2.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2436077
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3c6cc85b52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

