Chromium, MinGW-ZLIB, Polkit, and more updates for Fedora

Fedora Linux 9272 Published by

Multiple security updates have been released for Fedora systems, addressing vulnerabilities in various packages. The updates include patches for Chromium (CVE-2026-3536, CVE-2026-3545) and other related packages, as well as fixes for mingw-zlib (CVE-2026-22184), perl-Net-CIDR, polkit, matrix-synapse (CVE-2026-24044), and rust-pythonize.

Fedora 42 Update: chromium-145.0.7632.159-1.fc42
Fedora 42 Update: mingw-zlib-1.3.2-1.fc42
Fedora 42 Update: perl-Net-CIDR-0.27-1.fc42
Fedora 43 Update: chromium-145.0.7632.159-1.fc43
Fedora 43 Update: rust-pythonize-0.27.0-1.fc43
Fedora 43 Update: mingw-zlib-1.3.2-1.fc43
Fedora 43 Update: polkit-126-6.fc43.1
Fedora 43 Update: matrix-synapse-1.147.1-1.fc43
Fedora 44 Update: chromium-145.0.7632.159-1.fc44




[SECURITY] Fedora 42 Update: chromium-145.0.7632.159-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-06657d1811
2026-03-10 01:09:17.058043+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 145.0.7632.159
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 145.0.7632.159
CVE-2026-3536: Integer overflow in ANGLE
CVE-2026-3537: Object lifecycle issue in PowerVR
CVE-2026-3538: Integer overflow in Skia
CVE-2026-3539: Object lifecycle issue in DevTools
CVE-2026-3540: Inappropriate implementation in WebAudio
CVE-2026-3541: Inappropriate implementation in CSS
CVE-2026-3542: Inappropriate implementation in WebAssembly
CVE-2026-3543: Inappropriate implementation in V8
CVE-2026-3544: Heap buffer overflow in WebCodecs
CVE-2026-3545: Insufficient data validation in Navigation
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 6 2026 Than Ngo [than@redhat.com] - 145.0.7632.159-1
- Update to 145.0.7632.159
* CVE-2026-3536: Integer overflow in ANGLE
* CVE-2026-3537: Object lifecycle issue in PowerVR
* CVE-2026-3538: Integer overflow in Skia
* CVE-2026-3539: Object lifecycle issue in DevTools
* CVE-2026-3540: Inappropriate implementation in WebAudio
* CVE-2026-3541: Inappropriate implementation in CSS
* CVE-2026-3542: Inappropriate implementation in WebAssembly
* CVE-2026-3543: Inappropriate implementation in V8
* CVE-2026-3544: Heap buffer overflow in WebCodecs
* CVE-2026-3545: Insufficient data validation in Navigation
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-06657d1811' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: mingw-zlib-1.3.2-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ca44fe35a9
2026-03-10 01:09:17.057999+00:00
--------------------------------------------------------------------------------

Name : mingw-zlib
Product : Fedora 42
Version : 1.3.2
Release : 1.fc42
URL : https://www.zlib.net/
Summary : MinGW Windows zlib compression library
Description :
MinGW Windows zlib compression library.

--------------------------------------------------------------------------------
Update Information:

Update to 1.3.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 1 2026 Sandro Mani [manisandro@gmail.com] - 1.3.2-1
- Update to 1.3.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2427811 - CVE-2026-22184 mingw-zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427811
[ 2 ] Bug #2427827 - CVE-2026-22184 mingw-zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427827
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ca44fe35a9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: perl-Net-CIDR-0.27-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-baf8782c7a
2026-03-10 01:09:17.057996+00:00
--------------------------------------------------------------------------------

Name : perl-Net-CIDR
Product : Fedora 42
Version : 0.27
Release : 1.fc42
URL : https://metacpan.org/dist/Net-CIDR
Summary : Manipulate IPv4/IPv6 netblocks in CIDR notation
Description :
The Net::CIDR package contains functions that manipulate lists of IP netblocks
expressed in CIDR notation. The Net::CIDR functions handle both IPv4 and IPv6
addresses.

--------------------------------------------------------------------------------
Update Information:

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR
addresses, which may have unspecified impact.
The functions addr2cidr and cidrlookup may return leading zeros in a CIDR
string, which may in turn be parsed as octal numbers by subsequent users.
Current versions of the module strip leading zeros from octets.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 13 2025 Paul Howarth - 0.27-1
- Update to 0.27 (rhbz#2388145)
- cidrvalidate() bug fix (GH#9)
* Mon Jun 23 2025 Paul Howarth - 0.26-1
- Update to 0.26 (rhbz#2374271)
- cidrvalidate() should accept IPv6 addresses with one uncompressed 0
* Sat May 24 2025 Paul Howarth - 0.25-1
- Update to 0.25 (rhbz#2368340)
- Fix warning with Perl 5.40
* Wed May 21 2025 Paul Howarth - 0.24.1-1
- Update to 0.24.1
- Strip extra leading zeros from octets in addr2cidr (GH#4)
* Tue May 20 2025 Paul Howarth - 0.24-1
- Update to 0.24 (no changes)
* Mon Mar 10 2025 Paul Howarth - 0.23-1
- Update to 0.23
- Add metadata to Makefile.PL and use Test::More (GH#3)
* Sun Mar 9 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 0.22-1
- Update to 0.22
- Improve several error messages
- Allow unabbreviated IPv6 addresses
- Use %{make_build} and %{make_install} where appropriate
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2443387 - CVE-2021-4456 perl-Net-CIDR: mishandling of leading zeros in IP CIDR addresses [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2443387
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-baf8782c7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: chromium-145.0.7632.159-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f62db6b372
2026-03-10 00:53:06.309257+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 145.0.7632.159
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 145.0.7632.159
CVE-2026-3536: Integer overflow in ANGLE
CVE-2026-3537: Object lifecycle issue in PowerVR
CVE-2026-3538: Integer overflow in Skia
CVE-2026-3539: Object lifecycle issue in DevTools
CVE-2026-3540: Inappropriate implementation in WebAudio
CVE-2026-3541: Inappropriate implementation in CSS
CVE-2026-3542: Inappropriate implementation in WebAssembly
CVE-2026-3543: Inappropriate implementation in V8
CVE-2026-3544: Heap buffer overflow in WebCodecs
CVE-2026-3545: Insufficient data validation in Navigation
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 6 2026 Than Ngo [than@redhat.com] - 145.0.7632.159-1
- Update to 145.0.7632.159
* CVE-2026-3536: Integer overflow in ANGLE
* CVE-2026-3537: Object lifecycle issue in PowerVR
* CVE-2026-3538: Integer overflow in Skia
* CVE-2026-3539: Object lifecycle issue in DevTools
* CVE-2026-3540: Inappropriate implementation in WebAudio
* CVE-2026-3541: Inappropriate implementation in CSS
* CVE-2026-3542: Inappropriate implementation in WebAssembly
* CVE-2026-3543: Inappropriate implementation in V8
* CVE-2026-3544: Heap buffer overflow in WebCodecs
* CVE-2026-3545: Insufficient data validation in Navigation
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f62db6b372' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: rust-pythonize-0.27.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-151bfcc2af
2026-03-10 00:53:06.309222+00:00
--------------------------------------------------------------------------------

Name : rust-pythonize
Product : Fedora 43
Version : 0.27.0
Release : 1.fc43
URL : https://crates.io/crates/pythonize
Summary : Serde Serializer & Deserializer from Rust Python, backed by PyO3
Description :
Serde Serializer & Deserializer from Rust Python, backed by PyO3.

--------------------------------------------------------------------------------
Update Information:

Update matrix-synapse to v1.147.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 1 2026 Kai A. Hiller [V02460@gmail.com] - 0.27.0-1
- Update to v0.27.0
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.26.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-151bfcc2af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-zlib-1.3.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0aee6ab474
2026-03-10 00:53:06.309203+00:00
--------------------------------------------------------------------------------

Name : mingw-zlib
Product : Fedora 43
Version : 1.3.2
Release : 1.fc43
URL : https://www.zlib.net/
Summary : MinGW Windows zlib compression library
Description :
MinGW Windows zlib compression library.

--------------------------------------------------------------------------------
Update Information:

Update to 1.3.2.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 1 2026 Sandro Mani [manisandro@gmail.com] - 1.3.2-1
- Update to 1.3.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2427811 - CVE-2026-22184 mingw-zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2427811
[ 2 ] Bug #2427827 - CVE-2026-22184 mingw-zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2427827
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0aee6ab474' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: polkit-126-6.fc43.1


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0e9ef494fc
2026-03-10 00:53:06.309253+00:00
--------------------------------------------------------------------------------

Name : polkit
Product : Fedora 43
Version : 126
Release : 6.fc43.1
URL : https://github.com/polkit-org/polkit
Summary : An authorization framework
Description :
polkit is a toolkit for defining and handling authorizations. It is
used for allowing unprivileged processes to speak to privileged
processes.

--------------------------------------------------------------------------------
Update Information:

backport of upstream commits 9dca831, 4e67dde
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 4 2026 Jan Rybar [jrybar@redhat.com] - 126-6.1
- backport of upstream commits 9dca831, 4e67dde
- PolkitSubject: avoid g_dbus warning
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0e9ef494fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: matrix-synapse-1.147.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-151bfcc2af
2026-03-10 00:53:06.309222+00:00
--------------------------------------------------------------------------------

Name : matrix-synapse
Product : Fedora 43
Version : 1.147.1
Release : 1.fc43
URL : https://github.com/element-hq/synapse
Summary : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.

--------------------------------------------------------------------------------
Update Information:

Update matrix-synapse to v1.147.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 1 2026 Kai A. Hiller [V02460@gmail.com] - 1.147.1-1
- Update to v1.147.1 (CVE-2026-24044)
* Sun Mar 1 2026 Kai A. Hiller [V02460@gmail.com] - 1.146.0-1
- Update to v1.146.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-151bfcc2af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: chromium-145.0.7632.159-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b7b02bebba
2026-03-10 00:15:09.903174+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 145.0.7632.159
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 145.0.7632.159
CVE-2026-3536: Integer overflow in ANGLE
CVE-2026-3537: Object lifecycle issue in PowerVR
CVE-2026-3538: Integer overflow in Skia
CVE-2026-3539: Object lifecycle issue in DevTools
CVE-2026-3540: Inappropriate implementation in WebAudio
CVE-2026-3541: Inappropriate implementation in CSS
CVE-2026-3542: Inappropriate implementation in WebAssembly
CVE-2026-3543: Inappropriate implementation in V8
CVE-2026-3544: Heap buffer overflow in WebCodecs
CVE-2026-3545: Insufficient data validation in Navigation
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 6 2026 Than Ngo [than@redhat.com] - 145.0.7632.159-1
- Update to 145.0.7632.159
* CVE-2026-3536: Integer overflow in ANGLE
* CVE-2026-3537: Object lifecycle issue in PowerVR
* CVE-2026-3538: Integer overflow in Skia
* CVE-2026-3539: Object lifecycle issue in DevTools
* CVE-2026-3540: Inappropriate implementation in WebAudio
* CVE-2026-3541: Inappropriate implementation in CSS
* CVE-2026-3542: Inappropriate implementation in WebAssembly
* CVE-2026-3543: Inappropriate implementation in V8
* CVE-2026-3544: Heap buffer overflow in WebCodecs
* CVE-2026-3545: Insufficient data validation in Navigation
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b7b02bebba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Imagemagick security update for Debian 13

Kernel, GnuTLS, NSS, an dmore updates for Oracle Linux

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...