Fedora 44 Update: chromium-150.0.7871.46-1.fc44
Fedora 44 Update: clamav-1.4.5-1.fc44
Fedora 44 Update: perl-Crypt-ScryptKDF-0.011-1.fc44
Fedora 44 Update: nextcloud-33.0.6-1.fc44
Fedora 44 Update: mariadb10.11-10.11.18-2.fc44
Fedora 44 Update: python-jupyter-server-2.20.0-1.fc44
Fedora 44 Update: nsd-4.14.3-1.fc44
Fedora 44 Update: python-streamlink-8.4.0-1.fc44
Fedora 43 Update: chromium-150.0.7871.46-1.fc43
Fedora 43 Update: nextcloud-33.0.6-1.fc43
Fedora 43 Update: python-jupyter-server-2.20.0-1.fc43
Fedora 43 Update: mariadb11.8-11.8.8-1.fc43
Fedora 43 Update: python-streamlink-8.4.0-1.fc43
Fedora 43 Update: nsd-4.14.3-1.fc43
[SECURITY] Fedora 44 Update: chromium-150.0.7871.46-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-94bb57e96c
2026-07-05 01:07:02.694289+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 44
Version : 150.0.7871.46
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
chromium-150.0.7871.46 security release includes 433 security fixes,
CVE-2026-13774 - CVE-2026-14432
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 1 2026 Than Ngo [than@redhat.com] - 150.0.7871.46-1
- Update to 150.0.7871.46
* CVE-2026-13774: Use after free in Extensions
* CVE-2026-13775: Use after free in GPU
* CVE-2026-13776: Type Confusion in Dawn
* CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb
* CVE-2026-13778: Use after free in WebUSB
* CVE-2026-13779: Use after free in Chromoting
* CVE-2026-13780: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13781: Insufficient validation of untrusted input in Skia
* CVE-2026-13782: Use after free in Browser
* CVE-2026-13783: Use after free in Views
* CVE-2026-13784: Use after free in Views
* CVE-2026-13785: Use after free in Bluetooth
* CVE-2026-13786: Use after free in Ozone
* CVE-2026-13787: Use after free in Chromoting
* CVE-2026-13788: Use after free in Fullscreen
* CVE-2026-13789: Use after free in GPU
* CVE-2026-13790: Side-channel information leakage in Scroll
* CVE-2026-13791: Insufficient validation of untrusted input in Downloads
* CVE-2026-13792: Use after free in Touchbar
* CVE-2026-13793: Insufficient policy enforcement in SVG
* CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS
* CVE-2026-13796: Integer overflow in Chromecast
* CVE-2026-13797: Insufficient validation of untrusted input in Chromecast
* CVE-2026-13798: Heap buffer overflow in Chromecast
* CVE-2026-13799: Use after free in QUIC
* CVE-2026-13800: Inappropriate implementation in Updater
* CVE-2026-13801: Integer overflow in Chromecast
* CVE-2026-13802: Use after free in Views
* CVE-2026-13803: Type Confusion in Chrome Tabs
* CVE-2026-13804: Use after free in Chromecast
* CVE-2026-13805: Use after free in GFX
* CVE-2026-13806: Insufficient validation of untrusted input in Accessibility
* CVE-2026-13807: Use after free in Import
* CVE-2026-13808: Insufficient data validation in Chrome for iOS
* CVE-2026-13809: Side-channel information leakage in Safe Browsing
* CVE-2026-13810: Inappropriate implementation in Input
* CVE-2026-13811: Use after free in IME
* CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13814: Use after free in Views
* CVE-2026-13815: Use after free in Blink
* CVE-2026-13816: Insufficient validation of untrusted input in File Input
* CVE-2026-13817: Insufficient validation of untrusted input in Glic
* CVE-2026-13818: Inappropriate implementation in Passwords
* CVE-2026-13819: Out of bounds read in ANGLE
* CVE-2026-13820: Out of bounds read in Skia
* CVE-2026-13821: Use after free in Canvas
* CVE-2026-13822: Inappropriate implementation in Extensions
* CVE-2026-13823: Use after free in Glic
* CVE-2026-13824: Insufficient validation of untrusted input in Extensions
* CVE-2026-13825: Uninitialized Use in Dawn
* CVE-2026-13826: Inappropriate implementation in Autofill
* CVE-2026-13827: Use after free in Updater
* CVE-2026-13828: Inappropriate implementation in Enterprise
* CVE-2026-13829: Insufficient validation of untrusted input in Settings
* CVE-2026-13830: Use after free in Chromoting
* CVE-2026-13831: Use after free in GPU
* CVE-2026-13832: Use after free in Headless
* CVE-2026-13833: Uninitialized Use in ANGLE
* CVE-2026-13834: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13835: Inappropriate implementation in XML
* CVE-2026-13836: Inappropriate implementation in CSS
* CVE-2026-13837: Inappropriate implementation in CSS
* CVE-2026-13838: Inappropriate implementation in CSS
* CVE-2026-13839: Inappropriate implementation in CSS
* CVE-2026-13840: Insufficient policy enforcement in Canvas
* CVE-2026-13841: Integer overflow in Skia
* CVE-2026-13842: Incorrect security UI in Chrome for iOS
* CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13844: Use after free in Updater
* CVE-2026-13845: Use after free in DOM
* CVE-2026-13846: Use after free in USB
* CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13848: Use after free in Forms
* CVE-2026-13849: Insufficient validation of untrusted input in Chromoting
* CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13853: Use after free in Journeys
* CVE-2026-13854: Use after free in Ozone
* CVE-2026-13855: Use after free in Ozone
* CVE-2026-13856: Insufficient validation of untrusted input in Speech
* CVE-2026-13857: Inappropriate implementation in Geometry
* CVE-2026-13858: Out of bounds read in FFmpeg
* CVE-2026-13859: Inappropriate implementation in ANGLE
* CVE-2026-13860: Incorrect security UI in Autofill
* CVE-2026-13861: Use after free in Core
* CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys)
* CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs
* CVE-2026-13864: Insufficient policy enforcement in WebHID
* CVE-2026-13865: Insufficient validation of untrusted input in Enterprise
* CVE-2026-13866: Insufficient validation of untrusted input in Input
* CVE-2026-13867: Inappropriate implementation in Geolocation
* CVE-2026-13868: Inappropriate implementation in Network
* CVE-2026-13869: Use after free in Device
* CVE-2026-13870: Use after free in WebView
* CVE-2026-13871: Insufficient data validation in GuestView
* CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13873: Out of bounds memory access in Layout
* CVE-2026-13874: Inappropriate implementation in DataTransfer
* CVE-2026-13875: Insufficient validation of untrusted input in GPU
* CVE-2026-13876: Inappropriate implementation in Network
* CVE-2026-13877: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13878: Use after free in Bluetooth
* CVE-2026-13879: Use after free in Bluetooth
* CVE-2026-13880: Use after free in USB
* CVE-2026-13881: Insufficient data validation in WebAppInstalls
* CVE-2026-13882: Inappropriate implementation in USB
* CVE-2026-13883: Type Confusion in ANGLE
* CVE-2026-13884: Heap buffer overflow in Chromecast
* CVE-2026-13885: Use after free in Skia
* CVE-2026-13886: Policy bypass in Isolated Web Apps
* CVE-2026-13887: Insufficient policy enforcement in NFC
* CVE-2026-13888: Use after free in Extensions
* CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication
* CVE-2026-13890: Out of bounds read in Chromecast
* CVE-2026-13891: Insufficient validation of untrusted input in Extensions
* CVE-2026-13892: Inappropriate implementation in Chrome for iOS
* CVE-2026-13893: Insufficient validation of untrusted input in WebUI
* CVE-2026-13894: Insufficient policy enforcement in Network
* CVE-2026-13895: Inappropriate implementation in Autofill
* CVE-2026-13896: Insufficient policy enforcement in Glic
* CVE-2026-13897: Insufficient policy enforcement in Chromecast
* CVE-2026-13898: Use after free in Cast Receiver
* CVE-2026-13899: Use after free in HTML
* CVE-2026-13900: Insufficient validation of untrusted input in Chromecast
* CVE-2026-13901: Insufficient validation of untrusted input in Serial
* CVE-2026-13902: Inappropriate implementation in Chrome for iOS
* CVE-2026-13903: Insufficient policy enforcement in Bluetooth
* CVE-2026-13904: Incorrect security UI in Safe Browsing
* CVE-2026-13905: Incorrect security UI in Chrome for iOS
* CVE-2026-13906: Out of bounds read in Codecs
* CVE-2026-13907: Inappropriate implementation in iOSWeb
* CVE-2026-13908: Insufficient validation of untrusted input in Omnibox
* CVE-2026-13909: Insufficient policy enforcement in DevTools
* CVE-2026-13910: Insufficient policy enforcement in WebXR
* CVE-2026-13911: Insufficient data validation in Spellcheck
* CVE-2026-13912: Incorrect security UI in Safe Browsing
* CVE-2026-13913: Insufficient policy enforcement in Autofill
* CVE-2026-13914: Inappropriate implementation in Passwords
* CVE-2026-13915: Use after free in Chrome for iOS
* CVE-2026-13916: Inappropriate implementation in Chrome for iOS
* CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13918: Use after free in Chrome for iOS
* CVE-2026-13919: Insufficient data validation in Extensions
* CVE-2026-13920: Insufficient validation of untrusted input in Media
* CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials
* CVE-2026-13922: Side-channel information leakage in Paint
* CVE-2026-13923: Uninitialized Use in GPU
* CVE-2026-13924: Insufficient validation of untrusted input in WebView
* CVE-2026-13925: Inappropriate implementation in Downloads
* CVE-2026-13926: Insufficient validation of untrusted input in Network
* CVE-2026-13927: Insufficient validation of untrusted input in UI
* CVE-2026-13928: Insufficient validation of untrusted input in Enterprise
* CVE-2026-13929: Insufficient validation of untrusted input in DevTools
* CVE-2026-13930: Insufficient policy enforcement in Actor
* CVE-2026-13931: Inappropriate implementation in Media
* CVE-2026-13932: Inappropriate implementation in Sharing
* CVE-2026-13933: Insufficient policy enforcement in Passwords
* CVE-2026-13934: Insufficient validation of untrusted input in Dawn
* CVE-2026-13935: Side-channel information leakage in ComputePressure
* CVE-2026-13936: Inappropriate implementation in Passwords
* CVE-2026-13937: Insufficient policy enforcement in Passwords
* CVE-2026-13938: Integer overflow in Fonts
* CVE-2026-13939: Insufficient validation of untrusted input in WebShare
* CVE-2026-13940: Uninitialized Use in Cast
* CVE-2026-13941: Inappropriate implementation in SiteSettings
* CVE-2026-13942: Insufficient validation of untrusted input in Video Capture
* CVE-2026-13943: Uninitialized Use in CSS
* CVE-2026-13944: Inappropriate implementation in DataTransfer
* CVE-2026-13945: Insufficient policy enforcement in Extensions
* CVE-2026-13946: Inappropriate implementation in ScriptInjections
* CVE-2026-13947: Uninitialized Use in XR
* CVE-2026-13948: Insufficient policy enforcement in Extensions
* CVE-2026-13949: Insufficient policy enforcement in Payments
* CVE-2026-13950: Uninitialized Use in GPU
* CVE-2026-13951: Policy bypass in USB
* CVE-2026-13952: Inappropriate implementation in PerformanceAPIs
* CVE-2026-13953: Inappropriate implementation in SplitView
* CVE-2026-13954: Insufficient policy enforcement in XML
* CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs
* CVE-2026-13956: Incorrect security UI in PageInfo
* CVE-2026-13957: Incorrect security UI in Extensions
* CVE-2026-13958: Uninitialized Use in Codecs
* CVE-2026-13959: Insufficient validation of untrusted input in Blink
* CVE-2026-13960: Inappropriate implementation in Passwords
* CVE-2026-13961: Insufficient validation of untrusted input in DevTools
* CVE-2026-13962: Insufficient data validation in PDF
* CVE-2026-13963: Inappropriate implementation in DevTools
* CVE-2026-13964: Insufficient policy enforcement in WebView
* CVE-2026-13965: Use after free in Oilpan
* CVE-2026-13966: Inappropriate implementation in History
* CVE-2026-13967: Type Confusion in V8
* CVE-2026-13968: Insufficient validation of untrusted input in DevTools
* CVE-2026-13969: Uninitialized Use in UI
* CVE-2026-13970: Uninitialized Use in Media
* CVE-2026-13971: Uninitialized Use in Skia
* CVE-2026-13972: Inappropriate implementation in Paint
* CVE-2026-13973: Inappropriate implementation in UI
* CVE-2026-13974: Integer overflow in Safe Browsing
* CVE-2026-13975: Out of bounds read in ANGLE
* CVE-2026-13976: Heap buffer overflow in Storage
* CVE-2026-13977: Inappropriate implementation in HTMLParser
* CVE-2026-13978: Insufficient policy enforcement in PageInfo
* CVE-2026-13979: Inappropriate implementation in Paint
* CVE-2026-13980: Incorrect security UI in Chrome for iOS
* CVE-2026-13981: Inappropriate implementation in Chrome for iOS
* CVE-2026-13982: Incorrect security UI in Passwords
* CVE-2026-13983: Incorrect security UI in Chrome for iOS
* CVE-2026-13984: Incorrect security UI in TabStrip
* CVE-2026-13985: Inappropriate implementation in MediaCapture
* CVE-2026-13986: Inappropriate implementation in Media UI
* CVE-2026-13987: Incorrect security UI in Mobile
* CVE-2026-13988: Inappropriate implementation in Paint
* CVE-2026-13989: Insufficient policy enforcement in PageInfo
* CVE-2026-13990: Insufficient validation of untrusted input in DataTransfer
* CVE-2026-13991: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13992: Inappropriate implementation in UI
* CVE-2026-13993: Incorrect security UI in WebAppInstalls
* CVE-2026-13994: Inappropriate implementation in Credential Management
* CVE-2026-13995: Insufficient validation of untrusted input in Autofill
* CVE-2026-13996: Incorrect security UI in Permissions
* CVE-2026-13997: Incorrect security UI in Extensions
* CVE-2026-13998: Incorrect security UI in File Input
* CVE-2026-13999: Inappropriate implementation in Extensions
* CVE-2026-14000: Inappropriate implementation in XML
* CVE-2026-14001: Inappropriate implementation in Network
* CVE-2026-14002: Inappropriate implementation in Geolocation
* CVE-2026-14003: Insufficient policy enforcement in Extensions
* CVE-2026-14004: Inappropriate implementation in CSS
* CVE-2026-14005: Use after free in Omnibox
* CVE-2026-14006: Use after free in Navigation
* CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy
* CVE-2026-14008: Uninitialized Use in WebXR
* CVE-2026-14009: Insufficient data validation in Passwords
* CVE-2026-14010: Uninitialized Use in Codecs
* CVE-2026-14011: Out of bounds read in SurfaceCapture
* CVE-2026-14012: Side-channel information leakage in CSS
* CVE-2026-14013: Inappropriate implementation in SVG
* CVE-2026-14014: Inappropriate implementation in Paint
* CVE-2026-14015: Inappropriate implementation in WebRTC
* CVE-2026-14016: Insufficient policy enforcement in SVG
* CVE-2026-14017: Inappropriate implementation in Navigation
* CVE-2026-14018: Use after free in Updater
* CVE-2026-14019: Inappropriate implementation in Passwords
* CVE-2026-14020: Insufficient validation of untrusted input in WebXR
* CVE-2026-14021: Insufficient validation of untrusted input in StorageAccessAPI
* CVE-2026-14022: Insufficient validation of untrusted input in Network
* CVE-2026-14023: Insufficient validation of untrusted input in SanitizerAPI
* CVE-2026-14024: Use after free in Ozone
* CVE-2026-14025: Use after free in Views
* CVE-2026-14026: Incorrect security UI in SplitView
* CVE-2026-14027: Use after free in SignIn
* CVE-2026-14028: Incorrect security UI in Chrome for iOS
* CVE-2026-14030: Incorrect security UI in SplitView
* CVE-2026-14031: Incorrect security UI in File Input
* CVE-2026-14032: Use after free in Bluetooth
* CVE-2026-14033: Insufficient policy enforcement in Media
* CVE-2026-14034: Inappropriate implementation in WebXR
* CVE-2026-14035: Insufficient policy enforcement in Bluetooth
* CVE-2026-14036: Insufficient policy enforcement in Bluetooth
* CVE-2026-14037: Insufficient policy enforcement in GPU
* CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-14039: Insufficient policy enforcement in GetUserMedia
* CVE-2026-14040: Use after free in BrowserTag
* CVE-2026-14041: Insufficient policy enforcement in Serial
* CVE-2026-14042: Inappropriate implementation in Isolated Web Apps
* CVE-2026-14043: Use after free in GetUserMedia
* CVE-2026-14044: Use after free in ANGLE
* CVE-2026-14045: Insufficient validation of untrusted input in Network
* CVE-2026-14046: Inappropriate implementation in CustomTabs
* CVE-2026-14047: Insufficient policy enforcement in Extensions
* CVE-2026-14048: Use after free in Chromecast
* CVE-2026-14049: Inappropriate implementation in GPU
* CVE-2026-14050: Insufficient policy enforcement in Passwords
* CVE-2026-14051: Uninitialized Use in GamepadAPI
* CVE-2026-14052: Insufficient policy enforcement in FileSystem
* CVE-2026-14053: Insufficient policy enforcement in Extensions
* CVE-2026-14054: Insufficient policy enforcement in Network
* CVE-2026-14055: Insufficient validation of untrusted input in Device Trust
* CVE-2026-14056: Insufficient validation of untrusted input in Media
* CVE-2026-14057: Insufficient policy enforcement in FedCM
* CVE-2026-14058: Policy bypass in Parser
* CVE-2026-14059: Insufficient policy enforcement in Related-Website-Sets
* CVE-2026-14060: Insufficient validation of untrusted input in Chromoting
* CVE-2026-14061: Inappropriate implementation in Dawn
* CVE-2026-14062: Inappropriate implementation in Views
* CVE-2026-14063: Out of bounds memory access in Chromecast
* CVE-2026-14064: Use after free in PageInfo
* CVE-2026-14065: Insufficient validation of untrusted input in PageInfo
* CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-14067: Use after free in Chrome for iOS
* CVE-2026-14068: Inappropriate implementation in Omnibox
* CVE-2026-14069: Integer overflow in WebNN
* CVE-2026-14070: Uninitialized Use in WebNN
* CVE-2026-14071: Side-channel information leakage in WebAudio
* CVE-2026-14072: Incorrect security UI in SplitView
* CVE-2026-14073: Insufficient policy enforcement in WebXR
* CVE-2026-14074: Side-channel information leakage in WebAuthentication
* CVE-2026-14075: Policy bypass in Chrome for iOS
* CVE-2026-14076: Policy bypass in Network
* CVE-2026-14077: Incorrect security UI in Select
* CVE-2026-14078: Policy bypass in WebRTC
* CVE-2026-14079: Policy bypass in Network
* CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher
* CVE-2026-14081: Insufficient policy enforcement in DevTools
* CVE-2026-14082: Race in Storage
* CVE-2026-14083: Insufficient validation of untrusted input in HTML
* CVE-2026-14084: Insufficient validation of untrusted input in Chromoting
* CVE-2026-14085: Side-channel information leakage in CSS
* CVE-2026-14086: Insufficient policy enforcement in HID
* CVE-2026-14087: Insufficient validation of untrusted input in WebNN
* CVE-2026-14088: Uninitialized Use in Canvas
* CVE-2026-14089: Insufficient validation of untrusted input in PopupBlocker
* CVE-2026-14090: Out of bounds read in CameraCapture
* CVE-2026-14091: Use after free in DevTools
* CVE-2026-14092: Insufficient policy enforcement in Privacy
* CVE-2026-14093: Use after free in Cast
* CVE-2026-14094: Use after free in Installer
* CVE-2026-14095: Insufficient validation of untrusted input in Browser
* CVE-2026-14096: Object lifecycle issue in Input
* CVE-2026-14097: Inappropriate implementation in WebAppInstalls
* CVE-2026-14098: Inappropriate implementation in CSS
* CVE-2026-14099: Use after free in Chrome for iOS
* CVE-2026-14100: Insufficient data validation in NetworkCache
* CVE-2026-14101: Insufficient policy enforcement in Sandbox
* CVE-2026-14102: Use after free in Passwords
* CVE-2026-14103: Use after free in SSL
* CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-14105: Insufficient policy enforcement in Speech
* CVE-2026-14106: Insufficient validation of untrusted input in Text
* CVE-2026-14107: Use after free in Scheduling
* CVE-2026-14108: Use after free in PDFium
* CVE-2026-14109: Insufficient policy enforcement in Mojo
* CVE-2026-14110: Inappropriate implementation in DarkMode
* CVE-2026-14111: Use after free in WebProtect
* CVE-2026-14112: Inappropriate implementation in Enterprise
* CVE-2026-14113: Use after free in Updater
* CVE-2026-14114: Inappropriate implementation in WebAppInstalls
* CVE-2026-14115: Insufficient validation of untrusted input in Cast
* CVE-2026-14116: Insufficient validation of untrusted input in DevTools
* CVE-2026-14117: Insufficient validation of untrusted input in DevTools
* CVE-2026-14118: Insufficient data validation in DevTools
* CVE-2026-14119: Type Confusion in Bluetooth
* CVE-2026-14120: Inappropriate implementation in DevTools
* CVE-2026-14121: Use after free in Chromoting
* CVE-2026-14122: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-14123: Incorrect security UI in Chrome for iOS
* CVE-2026-14124: Inappropriate implementation in CredentialProvider
* CVE-2026-14125: Uninitialized Use in ANGLE
* CVE-2026-14126: Incorrect security UI in UI
* CVE-2026-14127: Inappropriate implementation in Printing
* CVE-2026-14128: Insufficient data validation in Chrome for iOS
* CVE-2026-14129: Incorrect security UI in PreviewTab
* CVE-2026-14130: Incorrect security UI in Omnibox
* CVE-2026-14131: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-14132: Inappropriate implementation in WebXR
* CVE-2026-14133: Race in History Embeddings
* CVE-2026-14134: Inappropriate implementation in Autofill
* CVE-2026-14135: Insufficient validation of untrusted input in Network
* CVE-2026-14136: Incorrect security UI in Chrome for iOS
* CVE-2026-14137: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-14138: Inappropriate implementation in WebAppInstalls
* CVE-2026-14139: Inappropriate implementation in TabStrip
* CVE-2026-14140: Insufficient validation of untrusted input in Input
* CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture
* CVE-2026-14142: Inappropriate implementation in Extensions
* CVE-2026-14143: Incorrect security UI in Passwords
* CVE-2026-14144: Incorrect security UI in Views
* CVE-2026-14145: Inappropriate implementation in CSS
* CVE-2026-14146: Inappropriate implementation in CSS
* CVE-2026-14147: Inappropriate implementation in CSS
* CVE-2026-14148: Type Confusion in CSS
* CVE-2026-14149: Use after free in Audio
* CVE-2026-14150: Insufficient validation of untrusted input in Speech
* CVE-2026-14151: Inappropriate implementation in AI
* CVE-2026-14152: Out of bounds write in ANGLE
* CVE-2026-14153: Inappropriate implementation in Glic
* CVE-2026-14154: Inappropriate implementation in DevTools
* CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI
* CVE-2026-14156: Policy bypass in StorageAccessAPI
- Remove Darkmode patches, which are already included in v150
- Refresh patches for v150
- Fix FTBFS with system ffmpeg
- Backport upstream patches to fix FTBFS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2495844 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2495844
[ 2 ] Bug #2495845 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2495845
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-94bb57e96c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: clamav-1.4.5-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-69c55ea36c
2026-07-05 01:07:02.694261+00:00
--------------------------------------------------------------------------------
Name : clamav
Product : Fedora 44
Version : 1.4.5
Release : 1.fc44
URL : https://www.clamav.net/
Summary : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning). The
package provides a flexible and scalable multi-threaded daemon, a command
line scanner, and a tool for automatic updating via Internet. The programs
are based on a shared library distributed with the Clam AntiVirus package,
which you can use with your own software. The virus database is based on
the virus database from OpenAntiVirus, but contains additional signatures
(including signatures for popular polymorphic viruses, too) and is KEPT UP
TO DATE.
--------------------------------------------------------------------------------
Update Information:
Fixes for multiple CVEs https://github.com/Cisco-
Talos/clamav/releases/tag/clamav-1.4.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 2 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.4.5-1
- Update to 1.4.5
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.4.4-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-69c55ea36c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: perl-Crypt-ScryptKDF-0.011-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b244acadbe
2026-07-05 01:07:02.694249+00:00
--------------------------------------------------------------------------------
Name : perl-Crypt-ScryptKDF
Product : Fedora 44
Version : 0.011
Release : 1.fc44
URL : https://metacpan.org/release/Crypt-ScryptKDF
Summary : Scrypt password based key derivation function
Description :
Scrypt is a password-based key derivation function (like for example
PBKDF2). Scrypt was designed to be "memory-hard" algorithm in order to make
it expensive to perform large scale custom hardware attacks.
--------------------------------------------------------------------------------
Update Information:
perl-Crypt-ScryptKDF: 0.011 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 26 2026 Denis Fateyev [denis@fateyev.com] - 0.011-1
- Update to 0.011 version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2478137 - perl-Crypt-ScryptKDF-0.011 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2478137
[ 2 ] Bug #2484583 - CVE-2026-8647 perl-Crypt-ScryptKDF: Crypt::ScryptKDF for Perl uses insecure random number source when no CSPRNG module is available [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484583
[ 3 ] Bug #2484584 - CVE-2026-8647 perl-Crypt-ScryptKDF: Crypt::ScryptKDF for Perl uses insecure random number source when no CSPRNG module is available [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484584
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b244acadbe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nextcloud-33.0.6-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ee50c21f92
2026-07-05 01:07:02.694223+00:00
--------------------------------------------------------------------------------
Name : nextcloud
Product : Fedora 44
Version : 33.0.6
Release : 1.fc44
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.
--------------------------------------------------------------------------------
Update Information:
33.0.6 Release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 26 2026 Andrew Bauer [zonexpertconsulting@outlook.com] - 33.0.6-1
- 33.0.6 release
* Tue Jun 9 2026 Brian J. Murrell [brian@interlinx.bc.ca] - 33.0.5-2
- Dynamically determine which .map file to update the occ upgrade command
in
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2486357 - nextcloud-34.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486357
[ 2 ] Bug #2486491 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486491
[ 3 ] Bug #2486496 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486496
[ 4 ] Bug #2487344 - .map file update is fragile
https://bugzilla.redhat.com/show_bug.cgi?id=2487344
[ 5 ] Bug #2487477 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487477
[ 6 ] Bug #2487498 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487498
[ 7 ] Bug #2488103 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488103
[ 8 ] Bug #2488116 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488116
[ 9 ] Bug #2488118 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488118
[ 10 ] Bug #2488119 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488119
[ 11 ] Bug #2488129 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488129
[ 12 ] Bug #2488137 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488137
[ 13 ] Bug #2488146 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488146
[ 14 ] Bug #2488154 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488154
[ 15 ] Bug #2488159 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488159
[ 16 ] Bug #2488171 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488171
[ 17 ] Bug #2488186 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488186
[ 18 ] Bug #2488188 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488188
[ 19 ] Bug #2488192 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488192
[ 20 ] Bug #2488196 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488196
[ 21 ] Bug #2488202 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488202
[ 22 ] Bug #2488207 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488207
[ 23 ] Bug #2488219 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488219
[ 24 ] Bug #2488224 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488224
[ 25 ] Bug #2488275 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488275
[ 26 ] Bug #2488278 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488278
[ 27 ] Bug #2489107 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489107
[ 28 ] Bug #2489108 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489108
[ 29 ] Bug #2489147 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489147
[ 30 ] Bug #2489154 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489154
[ 31 ] Bug #2489164 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489164
[ 32 ] Bug #2489165 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489165
[ 33 ] Bug #2489259 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489259
[ 34 ] Bug #2489262 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489262
[ 35 ] Bug #2491652 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491652
[ 36 ] Bug #2491660 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491660
[ 37 ] Bug #2491781 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491781
[ 38 ] Bug #2491785 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491785
[ 39 ] Bug #2491789 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491789
[ 40 ] Bug #2491790 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491790
[ 41 ] Bug #2491791 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491791
[ 42 ] Bug #2491792 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491792
[ 43 ] Bug #2492891 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2492891
[ 44 ] Bug #2492905 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2492905
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ee50c21f92' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: mariadb10.11-10.11.18-2.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b7d84b1d6
2026-07-05 01:07:02.694218+00:00
--------------------------------------------------------------------------------
Name : mariadb10.11
Product : Fedora 44
Version : 10.11.18
Release : 2.fc44
URL : http://mariadb.org
Summary : A very fast and robust SQL database server
Description :
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded
SQL database server. It is a client/server implementation consisting of
a server daemon (mariadbd) and many different client programs and libraries.
The base package contains the standard MariaDB/MySQL client programs and
utilities.
--------------------------------------------------------------------------------
Update Information:
MariaDB 10.11.18
Upstream Release notes:
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.18
Upstream Changelog:
https://mariadb.com/docs/release-notes/community-
server/changelogs/10.11/10.11.18
Fixes CVEs:
CVE-2026-49261 CVE-2026-48165 CVE-2026-48163 CVE-2026-44173 CVE-2026-44172
CVE-2026-44171 CVE-2026-44170 CVE-2026-44168
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 25 2026 Franti??ek Zatloukal [fzatlouk@redhat.com] - 3:10.11.18-2
- Rebuilt for fmt/spdlog
* Wed Jun 3 2026 Pavol Sloboda [psloboda@redhat.com] - 3:10.11.18-1
- Rebase to 10.11.18
* Tue May 26 2026 Pavol Sloboda [psloboda@redhat.com] - 3:10.11.17-1
- Rebase to 10.11.17
* Thu Mar 19 2026 Michal Schorm [mschorm@redhat.com] - 3:10.11.16-3
- Bump release for package rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b7d84b1d6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: python-jupyter-server-2.20.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd1d19e58b
2026-07-05 01:07:02.694197+00:00
--------------------------------------------------------------------------------
Name : python-jupyter-server
Product : Fedora 44
Version : 2.20.0
Release : 1.fc44
URL : https://jupyter-server.readthedocs.io
Summary : The backend for Jupyter web applications
Description :
The Jupyter Server provides the backend (i.e. the core services,
APIs, and REST endpoints) for Jupyter web applications like
Jupyter notebook, JupyterLab, and Voila.
--------------------------------------------------------------------------------
Update Information:
New version fixing high-severity CVE.
New version of jupyter-server fixing various security vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 19 2026 Lumir Balhar [lbalhar@redhat.com] - 2.20.0-1
- Update to 2.20.0 (rhbz#2489836)
* Thu Jun 4 2026 Python Maint - 2.19.0-2
- Rebuilt for Python 3.15
* Mon Jun 1 2026 Lumir Balhar [lbalhar@redhat.com] - 2.19.0-1
- Update to 2.19.0 (rhbz#2483209)
* Mon May 11 2026 Lumir Balhar [lbalhar@redhat.com] - 2.18.2-1
- Update to 2.18.2 (rhbz#2466683)
* Tue May 5 2026 Lumir Balhar [lbalhar@redhat.com] - 2.18.0-1
- Update to 2.18.0 (rhbz#2465646)
* Tue Apr 14 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 2.17.0-5
- Raise pytest upper bound to allow pytest 9
* Fri Mar 20 2026 Lumir Balhar [lbalhar@redhat.com] - 2.17.0-4
- Ignore deprecation warnings from ptyprocess:pty to fix build with Python
3.15 alpha 7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2484708 - CVE-2026-35397 python-jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484708
[ 2 ] Bug #2484713 - CVE-2026-40934 python-jupyter-server: Jupyter Server: Authentication bypass due to unrotated cookie secret [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484713
[ 3 ] Bug #2485374 - CVE-2026-6657 python-jupyter-server: jupyter-server: Arbitrary code execution due to CORS origin validation bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2485374
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd1d19e58b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: nsd-4.14.3-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd3a7926a3
2026-07-05 01:07:02.694149+00:00
--------------------------------------------------------------------------------
Name : nsd
Product : Fedora 44
Version : 4.14.3
Release : 1.fc44
URL : http://www.nlnetlabs.nl/nsd/
Summary : Fast and lean authoritative DNS Name Server
Description :
NSD is a complete implementation of an authoritative DNS name server.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2026-12244: A specially crafted SVCB RR can cause a heap overflow of
up to 65509 attacker controlled bytes. Thanks to Qifan Zhang, Palo Alto Networks
for the report https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt
Fix for CVE-2026-12245: If NSD is configured with DNS over TLS, a client that
performs a TLS action, closing the connection early, causes a crash and restart
of the server process. An attacker can keep all children in a crash-restart loop
denying DoT service. Thanks to Qifan Zhang, Palo Alto Networks for the report.
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt
Fix for CVE-2026-12246: The RR type APL rdata address, if too large, causes out
of bounds write on the stack, when the zonefile is written out. Thanks to Qifan
Zhang from Palo Alto Networks, Haruki Oyama from Waseda University and zhangph
for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt
Fix for CVE-2026-12490: Secondaries authenticated by a client certificate to
transfer a zone over TLS, can bypass verification by
transferring over TCP. Thanks to Qifan Zhang, Palo Alto Networks for the report.
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 26 2026 Fabio Alessandro Locati [mail@fale.io] - 4.14.3-1
- Update to 4.14.3. Fixes rhbz#2492647
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 4.14.2-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd3a7926a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python-streamlink-8.4.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b9232006bb
2026-07-05 01:07:02.694144+00:00
--------------------------------------------------------------------------------
Name : python-streamlink
Product : Fedora 44
Version : 8.4.0
Release : 1.fc44
URL : https://streamlink.github.io
Summary : Python library for extracting streams from various websites
Description :
Streamlink is a command-line utility that pipes video streams from various
services into a video player, such as VLC. The main purpose of Streamlink is to
allow the user to avoid buggy and CPU heavy flash plugins but still be able to
enjoy various streamed content. There is also an API available for developers
who want access to the video stream data. This project was forked from
Livestreamer, which is no longer maintained.
--------------------------------------------------------------------------------
Update Information:
streamlink 8.4.0 (2026-05-06)
SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH
(CVE-2026-44353 / GHSA-hgqw-6m45-hw5f)
Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH
segments to the output stream without any checks (#6896)
Fixed: --interface selection by name on macOS (#6908)
Fixed: --interface not being applied to adapters mounted after session init
(#6915)
Updated plugins:
goltelevision: rewritten and fixed plugin (#6916)
twitcasting: improved ad segment filtering (#6910)
Full changelog
streamlink 8.3.0 (2026-04-10)
Added: support for choosing the --interface by name on non-Windows systems, with
optional prefixes, similar to curl (#6862)
Added: support for also checking stream segments in
HLSStream.parse_variant_playlist() by setting check_streams="segments" (#6878)
Fixed: stdout/stderr streams in ProcessOutput not being fully line-buffered
(#6868)
Updated plugins:
cdnbg: rewritten and fixed plugin (#6890)
nicolive: added websocket reconnect attempts on HLS decryption key retrieval
failure (#6871)
soop: migrated to sooplive.com (#6876)
telefe: rewritten and fixed plugin (#6891)
Full changelog
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 25 2026 Mohamed El Morabity [melmorabity@fedoraproject.org] - 8.4.0-1
- Update to 8.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2457332 - python-streamlink-8.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2457332
[ 2 ] Bug #2458672 - python-streamlink fails to build with Python 3.15: test_help_color: TypeError: TestPrint._color..() got an unexpected keyword argument 'file'
https://bugzilla.redhat.com/show_bug.cgi?id=2458672
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b9232006bb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: chromium-150.0.7871.46-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-88eee44bfb
2026-07-05 00:49:16.510819+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 43
Version : 150.0.7871.46
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
chromium-150.0.7871.46 security release includes 433 security fixes,
CVE-2026-13774 - CVE-2026-14432
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 1 2026 Than Ngo [than@redhat.com] - 150.0.7871.46-1
- Update to 150.0.7871.46
* CVE-2026-13774: Use after free in Extensions
* CVE-2026-13775: Use after free in GPU
* CVE-2026-13776: Type Confusion in Dawn
* CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb
* CVE-2026-13778: Use after free in WebUSB
* CVE-2026-13779: Use after free in Chromoting
* CVE-2026-13780: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13781: Insufficient validation of untrusted input in Skia
* CVE-2026-13782: Use after free in Browser
* CVE-2026-13783: Use after free in Views
* CVE-2026-13784: Use after free in Views
* CVE-2026-13785: Use after free in Bluetooth
* CVE-2026-13786: Use after free in Ozone
* CVE-2026-13787: Use after free in Chromoting
* CVE-2026-13788: Use after free in Fullscreen
* CVE-2026-13789: Use after free in GPU
* CVE-2026-13790: Side-channel information leakage in Scroll
* CVE-2026-13791: Insufficient validation of untrusted input in Downloads
* CVE-2026-13792: Use after free in Touchbar
* CVE-2026-13793: Insufficient policy enforcement in SVG
* CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS
* CVE-2026-13796: Integer overflow in Chromecast
* CVE-2026-13797: Insufficient validation of untrusted input in Chromecast
* CVE-2026-13798: Heap buffer overflow in Chromecast
* CVE-2026-13799: Use after free in QUIC
* CVE-2026-13800: Inappropriate implementation in Updater
* CVE-2026-13801: Integer overflow in Chromecast
* CVE-2026-13802: Use after free in Views
* CVE-2026-13803: Type Confusion in Chrome Tabs
* CVE-2026-13804: Use after free in Chromecast
* CVE-2026-13805: Use after free in GFX
* CVE-2026-13806: Insufficient validation of untrusted input in Accessibility
* CVE-2026-13807: Use after free in Import
* CVE-2026-13808: Insufficient data validation in Chrome for iOS
* CVE-2026-13809: Side-channel information leakage in Safe Browsing
* CVE-2026-13810: Inappropriate implementation in Input
* CVE-2026-13811: Use after free in IME
* CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13814: Use after free in Views
* CVE-2026-13815: Use after free in Blink
* CVE-2026-13816: Insufficient validation of untrusted input in File Input
* CVE-2026-13817: Insufficient validation of untrusted input in Glic
* CVE-2026-13818: Inappropriate implementation in Passwords
* CVE-2026-13819: Out of bounds read in ANGLE
* CVE-2026-13820: Out of bounds read in Skia
* CVE-2026-13821: Use after free in Canvas
* CVE-2026-13822: Inappropriate implementation in Extensions
* CVE-2026-13823: Use after free in Glic
* CVE-2026-13824: Insufficient validation of untrusted input in Extensions
* CVE-2026-13825: Uninitialized Use in Dawn
* CVE-2026-13826: Inappropriate implementation in Autofill
* CVE-2026-13827: Use after free in Updater
* CVE-2026-13828: Inappropriate implementation in Enterprise
* CVE-2026-13829: Insufficient validation of untrusted input in Settings
* CVE-2026-13830: Use after free in Chromoting
* CVE-2026-13831: Use after free in GPU
* CVE-2026-13832: Use after free in Headless
* CVE-2026-13833: Uninitialized Use in ANGLE
* CVE-2026-13834: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13835: Inappropriate implementation in XML
* CVE-2026-13836: Inappropriate implementation in CSS
* CVE-2026-13837: Inappropriate implementation in CSS
* CVE-2026-13838: Inappropriate implementation in CSS
* CVE-2026-13839: Inappropriate implementation in CSS
* CVE-2026-13840: Insufficient policy enforcement in Canvas
* CVE-2026-13841: Integer overflow in Skia
* CVE-2026-13842: Incorrect security UI in Chrome for iOS
* CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13844: Use after free in Updater
* CVE-2026-13845: Use after free in DOM
* CVE-2026-13846: Use after free in USB
* CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13848: Use after free in Forms
* CVE-2026-13849: Insufficient validation of untrusted input in Chromoting
* CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13853: Use after free in Journeys
* CVE-2026-13854: Use after free in Ozone
* CVE-2026-13855: Use after free in Ozone
* CVE-2026-13856: Insufficient validation of untrusted input in Speech
* CVE-2026-13857: Inappropriate implementation in Geometry
* CVE-2026-13858: Out of bounds read in FFmpeg
* CVE-2026-13859: Inappropriate implementation in ANGLE
* CVE-2026-13860: Incorrect security UI in Autofill
* CVE-2026-13861: Use after free in Core
* CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys)
* CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs
* CVE-2026-13864: Insufficient policy enforcement in WebHID
* CVE-2026-13865: Insufficient validation of untrusted input in Enterprise
* CVE-2026-13866: Insufficient validation of untrusted input in Input
* CVE-2026-13867: Inappropriate implementation in Geolocation
* CVE-2026-13868: Inappropriate implementation in Network
* CVE-2026-13869: Use after free in Device
* CVE-2026-13870: Use after free in WebView
* CVE-2026-13871: Insufficient data validation in GuestView
* CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-13873: Out of bounds memory access in Layout
* CVE-2026-13874: Inappropriate implementation in DataTransfer
* CVE-2026-13875: Insufficient validation of untrusted input in GPU
* CVE-2026-13876: Inappropriate implementation in Network
* CVE-2026-13877: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13878: Use after free in Bluetooth
* CVE-2026-13879: Use after free in Bluetooth
* CVE-2026-13880: Use after free in USB
* CVE-2026-13881: Insufficient data validation in WebAppInstalls
* CVE-2026-13882: Inappropriate implementation in USB
* CVE-2026-13883: Type Confusion in ANGLE
* CVE-2026-13884: Heap buffer overflow in Chromecast
* CVE-2026-13885: Use after free in Skia
* CVE-2026-13886: Policy bypass in Isolated Web Apps
* CVE-2026-13887: Insufficient policy enforcement in NFC
* CVE-2026-13888: Use after free in Extensions
* CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication
* CVE-2026-13890: Out of bounds read in Chromecast
* CVE-2026-13891: Insufficient validation of untrusted input in Extensions
* CVE-2026-13892: Inappropriate implementation in Chrome for iOS
* CVE-2026-13893: Insufficient validation of untrusted input in WebUI
* CVE-2026-13894: Insufficient policy enforcement in Network
* CVE-2026-13895: Inappropriate implementation in Autofill
* CVE-2026-13896: Insufficient policy enforcement in Glic
* CVE-2026-13897: Insufficient policy enforcement in Chromecast
* CVE-2026-13898: Use after free in Cast Receiver
* CVE-2026-13899: Use after free in HTML
* CVE-2026-13900: Insufficient validation of untrusted input in Chromecast
* CVE-2026-13901: Insufficient validation of untrusted input in Serial
* CVE-2026-13902: Inappropriate implementation in Chrome for iOS
* CVE-2026-13903: Insufficient policy enforcement in Bluetooth
* CVE-2026-13904: Incorrect security UI in Safe Browsing
* CVE-2026-13905: Incorrect security UI in Chrome for iOS
* CVE-2026-13906: Out of bounds read in Codecs
* CVE-2026-13907: Inappropriate implementation in iOSWeb
* CVE-2026-13908: Insufficient validation of untrusted input in Omnibox
* CVE-2026-13909: Insufficient policy enforcement in DevTools
* CVE-2026-13910: Insufficient policy enforcement in WebXR
* CVE-2026-13911: Insufficient data validation in Spellcheck
* CVE-2026-13912: Incorrect security UI in Safe Browsing
* CVE-2026-13913: Insufficient policy enforcement in Autofill
* CVE-2026-13914: Inappropriate implementation in Passwords
* CVE-2026-13915: Use after free in Chrome for iOS
* CVE-2026-13916: Inappropriate implementation in Chrome for iOS
* CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13918: Use after free in Chrome for iOS
* CVE-2026-13919: Insufficient data validation in Extensions
* CVE-2026-13920: Insufficient validation of untrusted input in Media
* CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials
* CVE-2026-13922: Side-channel information leakage in Paint
* CVE-2026-13923: Uninitialized Use in GPU
* CVE-2026-13924: Insufficient validation of untrusted input in WebView
* CVE-2026-13925: Inappropriate implementation in Downloads
* CVE-2026-13926: Insufficient validation of untrusted input in Network
* CVE-2026-13927: Insufficient validation of untrusted input in UI
* CVE-2026-13928: Insufficient validation of untrusted input in Enterprise
* CVE-2026-13929: Insufficient validation of untrusted input in DevTools
* CVE-2026-13930: Insufficient policy enforcement in Actor
* CVE-2026-13931: Inappropriate implementation in Media
* CVE-2026-13932: Inappropriate implementation in Sharing
* CVE-2026-13933: Insufficient policy enforcement in Passwords
* CVE-2026-13934: Insufficient validation of untrusted input in Dawn
* CVE-2026-13935: Side-channel information leakage in ComputePressure
* CVE-2026-13936: Inappropriate implementation in Passwords
* CVE-2026-13937: Insufficient policy enforcement in Passwords
* CVE-2026-13938: Integer overflow in Fonts
* CVE-2026-13939: Insufficient validation of untrusted input in WebShare
* CVE-2026-13940: Uninitialized Use in Cast
* CVE-2026-13941: Inappropriate implementation in SiteSettings
* CVE-2026-13942: Insufficient validation of untrusted input in Video Capture
* CVE-2026-13943: Uninitialized Use in CSS
* CVE-2026-13944: Inappropriate implementation in DataTransfer
* CVE-2026-13945: Insufficient policy enforcement in Extensions
* CVE-2026-13946: Inappropriate implementation in ScriptInjections
* CVE-2026-13947: Uninitialized Use in XR
* CVE-2026-13948: Insufficient policy enforcement in Extensions
* CVE-2026-13949: Insufficient policy enforcement in Payments
* CVE-2026-13950: Uninitialized Use in GPU
* CVE-2026-13951: Policy bypass in USB
* CVE-2026-13952: Inappropriate implementation in PerformanceAPIs
* CVE-2026-13953: Inappropriate implementation in SplitView
* CVE-2026-13954: Insufficient policy enforcement in XML
* CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs
* CVE-2026-13956: Incorrect security UI in PageInfo
* CVE-2026-13957: Incorrect security UI in Extensions
* CVE-2026-13958: Uninitialized Use in Codecs
* CVE-2026-13959: Insufficient validation of untrusted input in Blink
* CVE-2026-13960: Inappropriate implementation in Passwords
* CVE-2026-13961: Insufficient validation of untrusted input in DevTools
* CVE-2026-13962: Insufficient data validation in PDF
* CVE-2026-13963: Inappropriate implementation in DevTools
* CVE-2026-13964: Insufficient policy enforcement in WebView
* CVE-2026-13965: Use after free in Oilpan
* CVE-2026-13966: Inappropriate implementation in History
* CVE-2026-13967: Type Confusion in V8
* CVE-2026-13968: Insufficient validation of untrusted input in DevTools
* CVE-2026-13969: Uninitialized Use in UI
* CVE-2026-13970: Uninitialized Use in Media
* CVE-2026-13971: Uninitialized Use in Skia
* CVE-2026-13972: Inappropriate implementation in Paint
* CVE-2026-13973: Inappropriate implementation in UI
* CVE-2026-13974: Integer overflow in Safe Browsing
* CVE-2026-13975: Out of bounds read in ANGLE
* CVE-2026-13976: Heap buffer overflow in Storage
* CVE-2026-13977: Inappropriate implementation in HTMLParser
* CVE-2026-13978: Insufficient policy enforcement in PageInfo
* CVE-2026-13979: Inappropriate implementation in Paint
* CVE-2026-13980: Incorrect security UI in Chrome for iOS
* CVE-2026-13981: Inappropriate implementation in Chrome for iOS
* CVE-2026-13982: Incorrect security UI in Passwords
* CVE-2026-13983: Incorrect security UI in Chrome for iOS
* CVE-2026-13984: Incorrect security UI in TabStrip
* CVE-2026-13985: Inappropriate implementation in MediaCapture
* CVE-2026-13986: Inappropriate implementation in Media UI
* CVE-2026-13987: Incorrect security UI in Mobile
* CVE-2026-13988: Inappropriate implementation in Paint
* CVE-2026-13989: Insufficient policy enforcement in PageInfo
* CVE-2026-13990: Insufficient validation of untrusted input in DataTransfer
* CVE-2026-13991: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-13992: Inappropriate implementation in UI
* CVE-2026-13993: Incorrect security UI in WebAppInstalls
* CVE-2026-13994: Inappropriate implementation in Credential Management
* CVE-2026-13995: Insufficient validation of untrusted input in Autofill
* CVE-2026-13996: Incorrect security UI in Permissions
* CVE-2026-13997: Incorrect security UI in Extensions
* CVE-2026-13998: Incorrect security UI in File Input
* CVE-2026-13999: Inappropriate implementation in Extensions
* CVE-2026-14000: Inappropriate implementation in XML
* CVE-2026-14001: Inappropriate implementation in Network
* CVE-2026-14002: Inappropriate implementation in Geolocation
* CVE-2026-14003: Insufficient policy enforcement in Extensions
* CVE-2026-14004: Inappropriate implementation in CSS
* CVE-2026-14005: Use after free in Omnibox
* CVE-2026-14006: Use after free in Navigation
* CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy
* CVE-2026-14008: Uninitialized Use in WebXR
* CVE-2026-14009: Insufficient data validation in Passwords
* CVE-2026-14010: Uninitialized Use in Codecs
* CVE-2026-14011: Out of bounds read in SurfaceCapture
* CVE-2026-14012: Side-channel information leakage in CSS
* CVE-2026-14013: Inappropriate implementation in SVG
* CVE-2026-14014: Inappropriate implementation in Paint
* CVE-2026-14015: Inappropriate implementation in WebRTC
* CVE-2026-14016: Insufficient policy enforcement in SVG
* CVE-2026-14017: Inappropriate implementation in Navigation
* CVE-2026-14018: Use after free in Updater
* CVE-2026-14019: Inappropriate implementation in Passwords
* CVE-2026-14020: Insufficient validation of untrusted input in WebXR
* CVE-2026-14021: Insufficient validation of untrusted input in StorageAccessAPI
* CVE-2026-14022: Insufficient validation of untrusted input in Network
* CVE-2026-14023: Insufficient validation of untrusted input in SanitizerAPI
* CVE-2026-14024: Use after free in Ozone
* CVE-2026-14025: Use after free in Views
* CVE-2026-14026: Incorrect security UI in SplitView
* CVE-2026-14027: Use after free in SignIn
* CVE-2026-14028: Incorrect security UI in Chrome for iOS
* CVE-2026-14030: Incorrect security UI in SplitView
* CVE-2026-14031: Incorrect security UI in File Input
* CVE-2026-14032: Use after free in Bluetooth
* CVE-2026-14033: Insufficient policy enforcement in Media
* CVE-2026-14034: Inappropriate implementation in WebXR
* CVE-2026-14035: Insufficient policy enforcement in Bluetooth
* CVE-2026-14036: Insufficient policy enforcement in Bluetooth
* CVE-2026-14037: Insufficient policy enforcement in GPU
* CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-14039: Insufficient policy enforcement in GetUserMedia
* CVE-2026-14040: Use after free in BrowserTag
* CVE-2026-14041: Insufficient policy enforcement in Serial
* CVE-2026-14042: Inappropriate implementation in Isolated Web Apps
* CVE-2026-14043: Use after free in GetUserMedia
* CVE-2026-14044: Use after free in ANGLE
* CVE-2026-14045: Insufficient validation of untrusted input in Network
* CVE-2026-14046: Inappropriate implementation in CustomTabs
* CVE-2026-14047: Insufficient policy enforcement in Extensions
* CVE-2026-14048: Use after free in Chromecast
* CVE-2026-14049: Inappropriate implementation in GPU
* CVE-2026-14050: Insufficient policy enforcement in Passwords
* CVE-2026-14051: Uninitialized Use in GamepadAPI
* CVE-2026-14052: Insufficient policy enforcement in FileSystem
* CVE-2026-14053: Insufficient policy enforcement in Extensions
* CVE-2026-14054: Insufficient policy enforcement in Network
* CVE-2026-14055: Insufficient validation of untrusted input in Device Trust
* CVE-2026-14056: Insufficient validation of untrusted input in Media
* CVE-2026-14057: Insufficient policy enforcement in FedCM
* CVE-2026-14058: Policy bypass in Parser
* CVE-2026-14059: Insufficient policy enforcement in Related-Website-Sets
* CVE-2026-14060: Insufficient validation of untrusted input in Chromoting
* CVE-2026-14061: Inappropriate implementation in Dawn
* CVE-2026-14062: Inappropriate implementation in Views
* CVE-2026-14063: Out of bounds memory access in Chromecast
* CVE-2026-14064: Use after free in PageInfo
* CVE-2026-14065: Insufficient validation of untrusted input in PageInfo
* CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-14067: Use after free in Chrome for iOS
* CVE-2026-14068: Inappropriate implementation in Omnibox
* CVE-2026-14069: Integer overflow in WebNN
* CVE-2026-14070: Uninitialized Use in WebNN
* CVE-2026-14071: Side-channel information leakage in WebAudio
* CVE-2026-14072: Incorrect security UI in SplitView
* CVE-2026-14073: Insufficient policy enforcement in WebXR
* CVE-2026-14074: Side-channel information leakage in WebAuthentication
* CVE-2026-14075: Policy bypass in Chrome for iOS
* CVE-2026-14076: Policy bypass in Network
* CVE-2026-14077: Incorrect security UI in Select
* CVE-2026-14078: Policy bypass in WebRTC
* CVE-2026-14079: Policy bypass in Network
* CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher
* CVE-2026-14081: Insufficient policy enforcement in DevTools
* CVE-2026-14082: Race in Storage
* CVE-2026-14083: Insufficient validation of untrusted input in HTML
* CVE-2026-14084: Insufficient validation of untrusted input in Chromoting
* CVE-2026-14085: Side-channel information leakage in CSS
* CVE-2026-14086: Insufficient policy enforcement in HID
* CVE-2026-14087: Insufficient validation of untrusted input in WebNN
* CVE-2026-14088: Uninitialized Use in Canvas
* CVE-2026-14089: Insufficient validation of untrusted input in PopupBlocker
* CVE-2026-14090: Out of bounds read in CameraCapture
* CVE-2026-14091: Use after free in DevTools
* CVE-2026-14092: Insufficient policy enforcement in Privacy
* CVE-2026-14093: Use after free in Cast
* CVE-2026-14094: Use after free in Installer
* CVE-2026-14095: Insufficient validation of untrusted input in Browser
* CVE-2026-14096: Object lifecycle issue in Input
* CVE-2026-14097: Inappropriate implementation in WebAppInstalls
* CVE-2026-14098: Inappropriate implementation in CSS
* CVE-2026-14099: Use after free in Chrome for iOS
* CVE-2026-14100: Insufficient data validation in NetworkCache
* CVE-2026-14101: Insufficient policy enforcement in Sandbox
* CVE-2026-14102: Use after free in Passwords
* CVE-2026-14103: Use after free in SSL
* CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-14105: Insufficient policy enforcement in Speech
* CVE-2026-14106: Insufficient validation of untrusted input in Text
* CVE-2026-14107: Use after free in Scheduling
* CVE-2026-14108: Use after free in PDFium
* CVE-2026-14109: Insufficient policy enforcement in Mojo
* CVE-2026-14110: Inappropriate implementation in DarkMode
* CVE-2026-14111: Use after free in WebProtect
* CVE-2026-14112: Inappropriate implementation in Enterprise
* CVE-2026-14113: Use after free in Updater
* CVE-2026-14114: Inappropriate implementation in WebAppInstalls
* CVE-2026-14115: Insufficient validation of untrusted input in Cast
* CVE-2026-14116: Insufficient validation of untrusted input in DevTools
* CVE-2026-14117: Insufficient validation of untrusted input in DevTools
* CVE-2026-14118: Insufficient data validation in DevTools
* CVE-2026-14119: Type Confusion in Bluetooth
* CVE-2026-14120: Inappropriate implementation in DevTools
* CVE-2026-14121: Use after free in Chromoting
* CVE-2026-14122: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-14123: Incorrect security UI in Chrome for iOS
* CVE-2026-14124: Inappropriate implementation in CredentialProvider
* CVE-2026-14125: Uninitialized Use in ANGLE
* CVE-2026-14126: Incorrect security UI in UI
* CVE-2026-14127: Inappropriate implementation in Printing
* CVE-2026-14128: Insufficient data validation in Chrome for iOS
* CVE-2026-14129: Incorrect security UI in PreviewTab
* CVE-2026-14130: Incorrect security UI in Omnibox
* CVE-2026-14131: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-14132: Inappropriate implementation in WebXR
* CVE-2026-14133: Race in History Embeddings
* CVE-2026-14134: Inappropriate implementation in Autofill
* CVE-2026-14135: Insufficient validation of untrusted input in Network
* CVE-2026-14136: Incorrect security UI in Chrome for iOS
* CVE-2026-14137: Insufficient validation of untrusted input in Chrome for iOS
* CVE-2026-14138: Inappropriate implementation in WebAppInstalls
* CVE-2026-14139: Inappropriate implementation in TabStrip
* CVE-2026-14140: Insufficient validation of untrusted input in Input
* CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture
* CVE-2026-14142: Inappropriate implementation in Extensions
* CVE-2026-14143: Incorrect security UI in Passwords
* CVE-2026-14144: Incorrect security UI in Views
* CVE-2026-14145: Inappropriate implementation in CSS
* CVE-2026-14146: Inappropriate implementation in CSS
* CVE-2026-14147: Inappropriate implementation in CSS
* CVE-2026-14148: Type Confusion in CSS
* CVE-2026-14149: Use after free in Audio
* CVE-2026-14150: Insufficient validation of untrusted input in Speech
* CVE-2026-14151: Inappropriate implementation in AI
* CVE-2026-14152: Out of bounds write in ANGLE
* CVE-2026-14153: Inappropriate implementation in Glic
* CVE-2026-14154: Inappropriate implementation in DevTools
* CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI
* CVE-2026-14156: Policy bypass in StorageAccessAPI
- Remove Darkmode patches, which are already included in v150
- Refresh patches for v150
- Fix FTBFS with system ffmpeg
- Backport upstream patches to fix FTBFS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2495844 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2495844
[ 2 ] Bug #2495845 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2495845
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-88eee44bfb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nextcloud-33.0.6-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5afe6630dc
2026-07-05 00:49:16.510808+00:00
--------------------------------------------------------------------------------
Name : nextcloud
Product : Fedora 43
Version : 33.0.6
Release : 1.fc43
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.
--------------------------------------------------------------------------------
Update Information:
33.0.6 Release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 26 2026 Andrew Bauer [zonexpertconsulting@outlook.com] - 33.0.6-1
- 33.0.6 release
* Tue Jun 9 2026 Brian J. Murrell [brian@interlinx.bc.ca] - 33.0.5-2
- Dynamically determine which .map file to update the occ upgrade command
in
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2486357 - nextcloud-34.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486357
[ 2 ] Bug #2486491 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486491
[ 3 ] Bug #2486496 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486496
[ 4 ] Bug #2487344 - .map file update is fragile
https://bugzilla.redhat.com/show_bug.cgi?id=2487344
[ 5 ] Bug #2487477 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487477
[ 6 ] Bug #2487498 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487498
[ 7 ] Bug #2488103 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488103
[ 8 ] Bug #2488116 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488116
[ 9 ] Bug #2488118 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488118
[ 10 ] Bug #2488119 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488119
[ 11 ] Bug #2488129 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488129
[ 12 ] Bug #2488137 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488137
[ 13 ] Bug #2488146 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488146
[ 14 ] Bug #2488154 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488154
[ 15 ] Bug #2488159 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488159
[ 16 ] Bug #2488171 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488171
[ 17 ] Bug #2488186 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488186
[ 18 ] Bug #2488188 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488188
[ 19 ] Bug #2488192 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488192
[ 20 ] Bug #2488196 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488196
[ 21 ] Bug #2488202 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488202
[ 22 ] Bug #2488207 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488207
[ 23 ] Bug #2488219 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488219
[ 24 ] Bug #2488224 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488224
[ 25 ] Bug #2488275 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488275
[ 26 ] Bug #2488278 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2488278
[ 27 ] Bug #2489107 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489107
[ 28 ] Bug #2489108 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489108
[ 29 ] Bug #2489147 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489147
[ 30 ] Bug #2489154 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489154
[ 31 ] Bug #2489164 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489164
[ 32 ] Bug #2489165 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489165
[ 33 ] Bug #2489259 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489259
[ 34 ] Bug #2489262 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489262
[ 35 ] Bug #2491652 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491652
[ 36 ] Bug #2491660 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491660
[ 37 ] Bug #2491781 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491781
[ 38 ] Bug #2491785 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491785
[ 39 ] Bug #2491789 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491789
[ 40 ] Bug #2491790 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491790
[ 41 ] Bug #2491791 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491791
[ 42 ] Bug #2491792 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2491792
[ 43 ] Bug #2492891 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2492891
[ 44 ] Bug #2492905 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2492905
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5afe6630dc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-jupyter-server-2.20.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-275d2ecbbd
2026-07-05 00:49:16.510800+00:00
--------------------------------------------------------------------------------
Name : python-jupyter-server
Product : Fedora 43
Version : 2.20.0
Release : 1.fc43
URL : https://jupyter-server.readthedocs.io
Summary : The backend for Jupyter web applications
Description :
The Jupyter Server provides the backend (i.e. the core services,
APIs, and REST endpoints) for Jupyter web applications like
Jupyter notebook, JupyterLab, and Voila.
--------------------------------------------------------------------------------
Update Information:
New version fixing high-severity CVE.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 19 2026 Lumir Balhar [lbalhar@redhat.com] - 2.20.0-1
- Update to 2.20.0 (rhbz#2489836)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2491991 - CVE-2026-44727 python-jupyter-server: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2491991
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-275d2ecbbd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: mariadb11.8-11.8.8-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c39d84e105
2026-07-05 00:49:16.510782+00:00
--------------------------------------------------------------------------------
Name : mariadb11.8
Product : Fedora 43
Version : 11.8.8
Release : 1.fc43
URL : http://mariadb.org
Summary : A very fast and robust SQL database server
Description :
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded
SQL database server. It is a client/server implementation consisting of
a server daemon (mariadbd) and many different client programs and libraries.
The base package contains the standard MariaDB/MySQL client programs and
utilities.
--------------------------------------------------------------------------------
Update Information:
MariaDB 11.8.8
Upstream Release notes:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
Upstream Changelog:
https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.8
Fixes CVEs:
CVE-2026-49261 CVE-2026-48165 CVE-2026-48163 CVE-2026-44173 CVE-2026-44172
CVE-2026-44171 CVE-2026-44170 CVE-2026-44169 CVE-2026-44168
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 3 2026 Pavol Sloboda [psloboda@redhat.com] - 3:11.8.8-1
- Rebase to 11.8.8
* Wed May 20 2026 Michal Schorm [mschorm@redhat.com] - 3:11.8.7-1
- Rebase to 11.8.7
* Thu Mar 19 2026 Michal Schorm [mschorm@redhat.com] - 3:11.8.6-3
- Bump release for package rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c39d84e105' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-streamlink-8.4.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4d6aae2d33
2026-07-05 00:49:16.510756+00:00
--------------------------------------------------------------------------------
Name : python-streamlink
Product : Fedora 43
Version : 8.4.0
Release : 1.fc43
URL : https://streamlink.github.io
Summary : Python library for extracting streams from various websites
Description :
Streamlink is a command-line utility that pipes video streams from various
services into a video player, such as VLC. The main purpose of Streamlink is to
allow the user to avoid buggy and CPU heavy flash plugins but still be able to
enjoy various streamed content. There is also an API available for developers
who want access to the video stream data. This project was forked from
Livestreamer, which is no longer maintained.
--------------------------------------------------------------------------------
Update Information:
streamlink 8.4.0 (2026-05-06)
SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH
(CVE-2026-44353 / GHSA-hgqw-6m45-hw5f)
Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH
segments to the output stream without any checks (#6896)
Fixed: --interface selection by name on macOS (#6908)
Fixed: --interface not being applied to adapters mounted after session init
(#6915)
Updated plugins:
goltelevision: rewritten and fixed plugin (#6916)
twitcasting: improved ad segment filtering (#6910)
Full changelog
streamlink 8.3.0 (2026-04-10)
Added: support for choosing the --interface by name on non-Windows systems, with
optional prefixes, similar to curl (#6862)
Added: support for also checking stream segments in
HLSStream.parse_variant_playlist() by setting check_streams="segments" (#6878)
Fixed: stdout/stderr streams in ProcessOutput not being fully line-buffered
(#6868)
Updated plugins:
cdnbg: rewritten and fixed plugin (#6890)
nicolive: added websocket reconnect attempts on HLS decryption key retrieval
failure (#6871)
soop: migrated to sooplive.com (#6876)
telefe: rewritten and fixed plugin (#6891)
Full changelog
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 25 2026 Mohamed El Morabity [melmorabity@fedoraproject.org] - 8.4.0-1
- Update to 8.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2457332 - python-streamlink-8.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2457332
[ 2 ] Bug #2458672 - python-streamlink fails to build with Python 3.15: test_help_color: TypeError: TestPrint._color..() got an unexpected keyword argument 'file'
https://bugzilla.redhat.com/show_bug.cgi?id=2458672
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4d6aae2d33' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nsd-4.14.3-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2843bb1cc8
2026-07-05 00:49:16.510758+00:00
--------------------------------------------------------------------------------
Name : nsd
Product : Fedora 43
Version : 4.14.3
Release : 1.fc43
URL : http://www.nlnetlabs.nl/nsd/
Summary : Fast and lean authoritative DNS Name Server
Description :
NSD is a complete implementation of an authoritative DNS name server.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2026-12244: A specially crafted SVCB RR can cause a heap overflow of
up to 65509 attacker controlled bytes. Thanks to Qifan Zhang, Palo Alto Networks
for the report https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt
Fix for CVE-2026-12245: If NSD is configured with DNS over TLS, a client that
performs a TLS action, closing the connection early, causes a crash and restart
of the server process. An attacker can keep all children in a crash-restart loop
denying DoT service. Thanks to Qifan Zhang, Palo Alto Networks for the report.
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt
Fix for CVE-2026-12246: The RR type APL rdata address, if too large, causes out
of bounds write on the stack, when the zonefile is written out. Thanks to Qifan
Zhang from Palo Alto Networks, Haruki Oyama from Waseda University and zhangph
for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt
Fix for CVE-2026-12490: Secondaries authenticated by a client certificate to
transfer a zone over TLS, can bypass verification by
transferring over TCP. Thanks to Qifan Zhang, Palo Alto Networks for the report.
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 26 2026 Fabio Alessandro Locati [mail@fale.io] - 4.14.3-1
- Update to 4.14.3. Fixes rhbz#2492647
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 4.14.2-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2843bb1cc8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new