Chromium, Nginx, Suricata, and Perl updates for Fedora

Fedora Linux 9369 Published by

Fedora has released a major batch of security patches for both version 43 and version 44 that address critical vulnerabilities across several widely used applications. The Chromium browser update stands out by fixing over one hundred distinct issues ranging from memory corruption flaws to unsafe input validation errors in graphics and networking modules. Other notable changes include a Nginx upgrade that resolves dangerous code execution risks, a Perl module patch that replaces weak random number generation with stronger cryptographic salts, and routine security hardening for Suricata and ObjFW. System administrators should apply these updates immediately through the standard dnf package manager to protect their servers from active exploitation attempts.

Fedora 43 Update: chromium-148.0.7778.215-1.fc43
Fedora 43 Update: suricata-7.0.16-1.fc43
Fedora 43 Update: mingw-objfw-1.5.4-1.fc43
Fedora 43 Update: objfw-1.5.4-1.fc43
Fedora 43 Update: nginx-mod-vts-0.2.4-10.fc43
Fedora 43 Update: nginx-mod-naxsi-1.6-18.fc43
Fedora 43 Update: nginx-mod-fancyindex-0.6.0-5.fc43
Fedora 43 Update: perl-Crypt-PasswdMD5-1.4.3-1.fc43
Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-10.fc43
Fedora 43 Update: nginx-mod-modsecurity-1.0.4-11.fc43
Fedora 43 Update: nginx-mod-headers-more-0.39-10.fc43
Fedora 43 Update: nginx-1.30.2-1.fc43
Fedora 44 Update: chromium-148.0.7778.215-1.fc44
Fedora 44 Update: suricata-8.0.5-1.fc44
Fedora 44 Update: mingw-objfw-1.5.4-1.fc44
Fedora 44 Update: objfw-1.5.4-1.fc44
Fedora 44 Update: perl-Crypt-PasswdMD5-1.4.3-1.fc44
Fedora 44 Update: libsoup3-3.6.6-8.fc44



[SECURITY] Fedora 43 Update: chromium-148.0.7778.215-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c004108bb8
2026-06-01 01:00:49.844252+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 148.0.7778.215
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 148.0.7778.215
CVE-2026-9872: Out of bounds write in GPU
CVE-2026-9873: Use after free in Network
CVE-2026-9874: Use after free in Dawn
CVE-2026-9875: Out of bounds read in WebGL
CVE-2026-9876: Use after free in WebGL
CVE-2026-9877: Use after free in ANGLE
CVE-2026-9878: Use after free in ANGLE
CVE-2026-9879: Out of bounds write in ANGLE
CVE-2026-9880: Insufficient validation of untrusted input in WebGL
CVE-2026-9881: Use after free in Bluetooth
CVE-2026-9882: Integer overflow in ANGLE
CVE-2026-9883: Use after free in Base
CVE-2026-9884: Use after free in Browser
CVE-2026-9885: Insufficient validation of untrusted input in UI
CVE-2026-9886: Use after free in Base
CVE-2026-9887: Use after free in Proxy
CVE-2026-9888: Use after free in WebView
CVE-2026-9889: Out of bounds read and write in Dawn
CVE-2026-9890: Use after free in XR
CVE-2026-9891: Use after free in Extensions
CVE-2026-9892: Inappropriate implementation in Skia
CVE-2026-9893: Use after free in Skia
CVE-2026-9894: Use after free in GPU
CVE-2026-9895: Out of bounds read in GPU
CVE-2026-9896: Out of bounds write in V8
CVE-2026-9897: Use after free in DOM
CVE-2026-9898: Insufficient validation of untrusted input in GPU
CVE-2026-9899: Use after free in ANGLE
CVE-2026-9900: Out of bounds write in ANGLE
CVE-2026-9901: Use after free in ANGLE
CVE-2026-9902: Use after free in Accessibility
CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
CVE-2026-9904: Use after free in ANGLE
CVE-2026-9905: Use after free in Accessibility
CVE-2026-9906: Out of bounds write in GPU
CVE-2026-9907: Out of bounds read in Dawn
CVE-2026-9908: Out of bounds read in ANGLE
CVE-2026-9909: Integer overflow in Skia
CVE-2026-9910: Out of bounds memory access in ANGLE
CVE-2026-9911: Integer overflow in ANGLE
CVE-2026-9912: Inappropriate implementation in GPU
CVE-2026-9913: Inappropriate implementation in ANGLE
CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
CVE-2026-9915: Heap buffer overflow in ANGLE
CVE-2026-9916: Out of bounds write in ANGLE
CVE-2026-9917: Uninitialized Use in WebGL
CVE-2026-9918: Inappropriate implementation in Tint
CVE-2026-9919: Out of bounds read in WebGL
CVE-2026-9920: Uninitialized Use in GPU
CVE-2026-9921: Uninitialized Use in WebGL
CVE-2026-9922: Use after free in GPU
CVE-2026-9923: Use after free in Skia
CVE-2026-9924: Heap buffer overflow in ANGLE
CVE-2026-9925: Use after free in ANGLE
CVE-2026-9926: Heap buffer overflow in ANGLE
CVE-2026-9927: Use after free in ANGLE
CVE-2026-9928: Out of bounds read in ANGLE
CVE-2026-9929: Inappropriate implementation in WebGL
CVE-2026-9930: Out of bounds write in Dawn
CVE-2026-9931: Use after free in GPU
CVE-2026-9932: Use after free in ANGLE
CVE-2026-9933: Use after free in Input
CVE-2026-9934: Use after free in Aura
CVE-2026-9935: Uninitialized Use in ANGLE
CVE-2026-9936: Use after free in GFX
CVE-2026-9937: Use after free in UI
CVE-2026-9938: Inappropriate implementation in V8
CVE-2026-9939: Heap buffer overflow in WebCodecs
CVE-2026-9940: Heap buffer overflow in ANGLE
CVE-2026-9941: Use after free in ANGLE
CVE-2026-9942: Uninitialized Use in ANGLE
CVE-2026-9943: Out of bounds read in WebGL
CVE-2026-9944: Uninitialized Use in ANGLE
CVE-2026-9945: Use after free in Media
CVE-2026-9946: Use after free in ANGLE
CVE-2026-9947: Use after free in XML
CVE-2026-9948: Use after free in Views
CVE-2026-9949: Use after free in Core
CVE-2026-9950: Insufficient validation of untrusted input in iOS
CVE-2026-9951: Use after free in UI
CVE-2026-9952: Use after free in WebAudio
CVE-2026-9953: Out of bounds read in ANGLE
CVE-2026-9954: Use after free in TabStrip
CVE-2026-9955: Inappropriate implementation in iOS
CVE-2026-9956: Use after free in iOS
CVE-2026-9957: Use after free in PDF
CVE-2026-9958: Use after free in PDFium
CVE-2026-9959: Race in WebRTC
CVE-2026-9960: Integer overflow in PDFium
CVE-2026-9961: Use after free in SurfaceCapture
CVE-2026-9962: Use after free in WebRTC
CVE-2026-9963: Uninitialized Use in iOS
CVE-2026-9964: Use after free in Bluetooth
CVE-2026-9965: Out of bounds write in ANGLE
CVE-2026-9966: Integer overflow in XML
CVE-2026-9967: Out of bounds write in GPU
CVE-2026-9968: Integer overflow in V8
CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
CVE-2026-9970: Use after free in WebGL
CVE-2026-9971: Inappropriate implementation in iOS
CVE-2026-9972: Uninitialized Use in Gamepad
CVE-2026-9973: Out of bounds write in V8
CVE-2026-9974: Out of bounds write in GPU
CVE-2026-9975: Out of bounds read and write in ANGLE
CVE-2026-9976: Inappropriate implementation in USB
CVE-2026-9977: Insufficient validation of untrusted input in WebShare
CVE-2026-9978: Use after free in Glic
CVE-2026-9979: Insufficient validation of untrusted input in Input
CVE-2026-9980: Insufficient validation of untrusted input in Printing
CVE-2026-9981: Inappropriate implementation in Skia
CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
CVE-2026-9983: Type Confusion in Skia
CVE-2026-9984: Use after free in UI
CVE-2026-9985: Insufficient validation of untrusted input in Media
CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
CVE-2026-9988: Use after free in WebRTC
CVE-2026-9989: Inappropriate implementation in Media
CVE-2026-9990: Use after free in WebAppInstalls
CVE-2026-9991: Inappropriate implementation in Media
CVE-2026-9992: Use after free in Network
CVE-2026-9993: Use after free in Views
CVE-2026-9994: Use after free in Core
CVE-2026-9995: Use after free in WebXR
CVE-2026-9996: Out of bounds read in WebRTC
CVE-2026-9997: Use after free in Input
CVE-2026-9998: Integer overflow in Skia
CVE-2026-9999: Inappropriate implementation in ANGLE
CVE-2026-10000: Use after free in Passwords
CVE-2026-10001: Use after free in PerformanceManager
CVE-2026-10002: Use after free in PDFium
CVE-2026-10003: Use after free in Views
CVE-2026-10004: Insufficient validation of untrusted input in Passwords
CVE-2026-10005: Use after free in WebAppInstalls
CVE-2026-10006: Race in WebAudio
CVE-2026-10007: Use after free in SVG
CVE-2026-10008: Uninitialized Use in GPU
CVE-2026-10009: Integer overflow in Skia
CVE-2026-10010: Inappropriate implementation in Input
CVE-2026-10011: Inappropriate implementation in Skia
CVE-2026-10012: Use after free in Skia
CVE-2026-10013: Use after free in WebCodecs
CVE-2026-10014: Use after free in WebMIDI
CVE-2026-10015: Integer overflow in WTF
CVE-2026-10016: Use after free in DOM
CVE-2026-10017: Out of bounds read in Headless
CVE-2026-10018: Integer overflow in ANGLE
CVE-2026-10019: Integer overflow in ANGLE
CVE-2026-10020: Insufficient validation of untrusted input in Skia
CVE-2026-10021: Insufficient validation of untrusted input in USB
CVE-2026-10022: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 29 2026 Than Ngo [than@redhat.com] - 148.0.7778.215-1
- Update to 148.0.7778.215
* CVE-2026-9872: Out of bounds write in GPU
* CVE-2026-9873: Use after free in Network
* CVE-2026-9874: Use after free in Dawn
* CVE-2026-9875: Out of bounds read in WebGL
* CVE-2026-9876: Use after free in WebGL
* CVE-2026-9877: Use after free in ANGLE
* CVE-2026-9878: Use after free in ANGLE
* CVE-2026-9879: Out of bounds write in ANGLE
* CVE-2026-9880: Insufficient validation of untrusted input in WebGL
* CVE-2026-9881: Use after free in Bluetooth
* CVE-2026-9882: Integer overflow in ANGLE
* CVE-2026-9883: Use after free in Base
* CVE-2026-9884: Use after free in Browser
* CVE-2026-9885: Insufficient validation of untrusted input in UI
* CVE-2026-9886: Use after free in Base
* CVE-2026-9887: Use after free in Proxy
* CVE-2026-9888: Use after free in WebView
* CVE-2026-9889: Out of bounds read and write in Dawn
* CVE-2026-9890: Use after free in XR
* CVE-2026-9891: Use after free in Extensions
* CVE-2026-9892: Inappropriate implementation in Skia
* CVE-2026-9893: Use after free in Skia
* CVE-2026-9894: Use after free in GPU
* CVE-2026-9895: Out of bounds read in GPU
* CVE-2026-9896: Out of bounds write in V8
* CVE-2026-9897: Use after free in DOM
* CVE-2026-9898: Insufficient validation of untrusted input in GPU
* CVE-2026-9899: Use after free in ANGLE
* CVE-2026-9900: Out of bounds write in ANGLE
* CVE-2026-9901: Use after free in ANGLE
* CVE-2026-9902: Use after free in Accessibility
* CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
* CVE-2026-9904: Use after free in ANGLE
* CVE-2026-9905: Use after free in Accessibility
* CVE-2026-9906: Out of bounds write in GPU
* CVE-2026-9907: Out of bounds read in Dawn
* CVE-2026-9908: Out of bounds read in ANGLE
* CVE-2026-9909: Integer overflow in Skia
* CVE-2026-9910: Out of bounds memory access in ANGLE
* CVE-2026-9911: Integer overflow in ANGLE
* CVE-2026-9912: Inappropriate implementation in GPU
* CVE-2026-9913: Inappropriate implementation in ANGLE
* CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9915: Heap buffer overflow in ANGLE
* CVE-2026-9916: Out of bounds write in ANGLE
* CVE-2026-9917: Uninitialized Use in WebGL
* CVE-2026-9918: Inappropriate implementation in Tint
* CVE-2026-9919: Out of bounds read in WebGL
* CVE-2026-9920: Uninitialized Use in GPU
* CVE-2026-9921: Uninitialized Use in WebGL
* CVE-2026-9922: Use after free in GPU
* CVE-2026-9923: Use after free in Skia
* CVE-2026-9924: Heap buffer overflow in ANGLE
* CVE-2026-9925: Use after free in ANGLE
* CVE-2026-9926: Heap buffer overflow in ANGLE
* CVE-2026-9927: Use after free in ANGLE
* CVE-2026-9928: Out of bounds read in ANGLE
* CVE-2026-9929: Inappropriate implementation in WebGL
* CVE-2026-9930: Out of bounds write in Dawn
* CVE-2026-9931: Use after free in GPU
* CVE-2026-9932: Use after free in ANGLE
* CVE-2026-9933: Use after free in Input
* CVE-2026-9934: Use after free in Aura
* CVE-2026-9935: Uninitialized Use in ANGLE
* CVE-2026-9936: Use after free in GFX
* CVE-2026-9937: Use after free in UI
* CVE-2026-9938: Inappropriate implementation in V8
* CVE-2026-9939: Heap buffer overflow in WebCodecs
* CVE-2026-9940: Heap buffer overflow in ANGLE
* CVE-2026-9941: Use after free in ANGLE
* CVE-2026-9942: Uninitialized Use in ANGLE
* CVE-2026-9943: Out of bounds read in WebGL
* CVE-2026-9944: Uninitialized Use in ANGLE
* CVE-2026-9945: Use after free in Media
* CVE-2026-9946: Use after free in ANGLE
* CVE-2026-9947: Use after free in XML
* CVE-2026-9948: Use after free in Views
* CVE-2026-9949: Use after free in Core
* CVE-2026-9950: Insufficient validation of untrusted input in iOS
* CVE-2026-9951: Use after free in UI
* CVE-2026-9952: Use after free in WebAudio
* CVE-2026-9953: Out of bounds read in ANGLE
* CVE-2026-9954: Use after free in TabStrip
* CVE-2026-9955: Inappropriate implementation in iOS
* CVE-2026-9956: Use after free in iOS
* CVE-2026-9957: Use after free in PDF
* CVE-2026-9958: Use after free in PDFium
* CVE-2026-9959: Race in WebRTC
* CVE-2026-9960: Integer overflow in PDFium
* CVE-2026-9961: Use after free in SurfaceCapture
* CVE-2026-9962: Use after free in WebRTC
* CVE-2026-9963: Uninitialized Use in iOS
* CVE-2026-9964: Use after free in Bluetooth
* CVE-2026-9965: Out of bounds write in ANGLE
* CVE-2026-9966: Integer overflow in XML
* CVE-2026-9967: Out of bounds write in GPU
* CVE-2026-9968: Integer overflow in V8
* CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9970: Use after free in WebGL
* CVE-2026-9971: Inappropriate implementation in iOS
* CVE-2026-9972: Uninitialized Use in Gamepad
* CVE-2026-9973: Out of bounds write in V8
* CVE-2026-9974: Out of bounds write in GPU
* CVE-2026-9975: Out of bounds read and write in ANGLE
* CVE-2026-9976: Inappropriate implementation in USB
* CVE-2026-9977: Insufficient validation of untrusted input in WebShare
* CVE-2026-9978: Use after free in Glic
* CVE-2026-9979: Insufficient validation of untrusted input in Input
* CVE-2026-9980: Insufficient validation of untrusted input in Printing
* CVE-2026-9981: Inappropriate implementation in Skia
* CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9983: Type Confusion in Skia
* CVE-2026-9984: Use after free in UI
* CVE-2026-9985: Insufficient validation of untrusted input in Media
* CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
* CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-9988: Use after free in WebRTC
* CVE-2026-9989: Inappropriate implementation in Media
* CVE-2026-9990: Use after free in WebAppInstalls
* CVE-2026-9991: Inappropriate implementation in Media
* CVE-2026-9992: Use after free in Network
* CVE-2026-9993: Use after free in Views
* CVE-2026-9994: Use after free in Core
* CVE-2026-9995: Use after free in WebXR
* CVE-2026-9996: Out of bounds read in WebRTC
* CVE-2026-9997: Use after free in Input
* CVE-2026-9998: Integer overflow in Skia
* CVE-2026-9999: Inappropriate implementation in ANGLE
* CVE-2026-10000: Use after free in Passwords
* CVE-2026-10001: Use after free in PerformanceManager
* CVE-2026-10002: Use after free in PDFium
* CVE-2026-10003: Use after free in Views
* CVE-2026-10004: Insufficient validation of untrusted input in Passwords
* CVE-2026-10005: Use after free in WebAppInstalls
* CVE-2026-10006: Race in WebAudio
* CVE-2026-10007: Use after free in SVG
* CVE-2026-10008: Uninitialized Use in GPU
* CVE-2026-10009: Integer overflow in Skia
* CVE-2026-10010: Inappropriate implementation in Input
* CVE-2026-10011: Inappropriate implementation in Skia
* CVE-2026-10012: Use after free in Skia
* CVE-2026-10013: Use after free in WebCodecs
* CVE-2026-10014: Use after free in WebMIDI
* CVE-2026-10015: Integer overflow in WTF
* CVE-2026-10016: Use after free in DOM
* CVE-2026-10017: Out of bounds read in Headless
* CVE-2026-10018: Integer overflow in ANGLE
* CVE-2026-10019: Integer overflow in ANGLE
* CVE-2026-10020: Insufficient validation of untrusted input in Skia
* CVE-2026-10021: Insufficient validation of untrusted input in USB
* CVE-2026-10022: Type Confusion in V8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c004108bb8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: suricata-7.0.16-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4ec2ec78d6
2026-06-01 01:00:49.844247+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 43
Version : 7.0.16
Release : 1.fc43
URL : https://suricata.io/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

Upstream bugfix/security release
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Jason Taylor [jtfas90@proton.me] 7.0.16-1
- Upstream bugfix/security release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4ec2ec78d6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: mingw-objfw-1.5.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-67762cee82
2026-06-01 01:00:49.844245+00:00
--------------------------------------------------------------------------------

Name : mingw-objfw
Product : Fedora 43
Version : 1.5.4
Release : 1.fc43
URL : https://objfw.nil.im
Summary : MinGW port of ObjFW
Description :
ObjFW is a portable, lightweight framework for the Objective-C language. It
enables you to write an application in Objective-C that will run on any
platform supported by ObjFW without having to worry about differences between
operating systems or various frameworks you would otherwise need if you want to
be portable.

It supports all modern Objective-C features when using Clang, but is also
compatible with GCC ??? 4.6 to allow maximum portability.

ObjFW also comes with its own lightweight and extremely fast Objective-C
runtime, which in real world use cases was found to be significantly faster
than both GNU's and Apple's runtime.

--------------------------------------------------------------------------------
Update Information:

Update to 1.5.4.
Fixes a buffer overflow caused by integer promotion rules in
OFBMPImageFormatHandler and OFQOIImageFormatHandler.
Update to 1.5.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.4-1
- Update to 1.5.4
* Wed May 20 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.3-1
- Update to 1.5.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-67762cee82' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: objfw-1.5.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd875b58bb
2026-06-01 01:00:49.844243+00:00
--------------------------------------------------------------------------------

Name : objfw
Product : Fedora 43
Version : 1.5.4
Release : 1.fc43
URL : https://objfw.nil.im
Summary : Portable, lightweight framework for the Objective-C language
Description :
ObjFW is a portable, lightweight framework for the Objective-C language. It
enables you to write an application in Objective-C that will run on any
platform supported by ObjFW without having to worry about differences between
operating systems or various frameworks you would otherwise need if you want to
be portable.

It supports all modern Objective-C features when using Clang, but is also
compatible with GCC ??? 4.6 to allow maximum portability.

ObjFW also comes with its own lightweight and extremely fast Objective-C
runtime, which in real world use cases was found to be significantly faster
than both GNU's and Apple's runtime.

--------------------------------------------------------------------------------
Update Information:

Update to 1.5.4.
Fixes a buffer overflow caused by integer promotion rules in
OFBMPImageFormatHandler and OFQOIImageFormatHandler.
Update to 1.5.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.4-1
- Update to 1.5.4
* Wed May 20 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.3-1
- Update to 1.5.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd875b58bb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-10.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd9cd16b18
2026-06-01 01:00:49.844212+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-vts
Product : Fedora 43
Version : 0.2.4
Release : 10.fc43
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-10
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd9cd16b18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-18.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd9cd16b18
2026-06-01 01:00:49.844212+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-naxsi
Product : Fedora 43
Version : 1.6
Release : 18.fc43
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-18
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd9cd16b18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-5.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd9cd16b18
2026-06-01 01:00:49.844212+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-fancyindex
Product : Fedora 43
Version : 0.6.0
Release : 5.fc43
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:

* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 0.6.0-5
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd9cd16b18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: perl-Crypt-PasswdMD5-1.4.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-96c8ae7dbe
2026-06-01 01:00:49.844238+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-PasswdMD5
Product : Fedora 43
Version : 1.4.3
Release : 1.fc43
URL : https://metacpan.org/release/Crypt-PasswdMD5
Summary : Provides interoperable MD5-based crypt() functions
Description :
This package provides MD5-based crypt() functions.

--------------------------------------------------------------------------------
Update Information:

This update uses a cryptographically strong random number source rather than
perl's rand() function to generate random salt values when required
(CVE-2026-6659)
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Paul Howarth - 1.4.3-1
- Update to 1.43
- Replace use of the cryptographically weak rand() function with the much
stronger Crypt::URandom::urandom() (GH#3, CVE-2026-6659, rhbz#2479575)
- Add Encode, Exporter, ExtUtils::MakeMaker to Makefile.PL
- Add files AI_POLICY.md and SECURITY.md
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.4.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479575 - CVE-2026-6659 perl: Crypt::PasswdMD5: Weak cryptographic salts due to predictable random number generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2479575
[ 2 ] Bug #2480988 - perl-Crypt-PasswdMD5-1.43 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480988
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-96c8ae7dbe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-10.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd9cd16b18
2026-06-01 01:00:49.844212+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-brotli
Product : Fedora 43
Version : 1.0.0~rc
Release : 10.fc43
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-10
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd9cd16b18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-11.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd9cd16b18
2026-06-01 01:00:49.844212+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-modsecurity
Product : Fedora 43
Version : 1.0.4
Release : 11.fc43
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.

The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-11
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd9cd16b18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-10.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd9cd16b18
2026-06-01 01:00:49.844212+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-headers-more
Product : Fedora 43
Version : 0.39
Release : 10.fc43
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.

This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-10
- Rebuild for 1.30.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd9cd16b18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: nginx-1.30.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-dd9cd16b18
2026-06-01 01:00:49.844212+00:00
--------------------------------------------------------------------------------

Name : nginx
Product : Fedora 43
Version : 1.30.2
Release : 1.fc43
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.30.2
nginx-mod-fancyindex:
Rebuild for 1.30.2
nginx-mod-naxsi:
Rebuild for 1.30.2
nginx-mod-headers-more:
Rebuild for 1.30.2
nginx-mod-vts:
Rebuild for 1.30.2
nginx-mod-modsecurity:
Rebuild for 1.30.2
nginx:
update to 1.30.2
fixes CVE-2026-9256
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 22 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.30.2-1
- update to 1.30.2
- fixes CVE-2026-9256
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2481243 - CVE-2026-9256 nginx: code execution and denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481243
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-dd9cd16b18' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: chromium-148.0.7778.215-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a688180654
2026-06-01 00:48:39.785102+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 148.0.7778.215
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 148.0.7778.215
CVE-2026-9872: Out of bounds write in GPU
CVE-2026-9873: Use after free in Network
CVE-2026-9874: Use after free in Dawn
CVE-2026-9875: Out of bounds read in WebGL
CVE-2026-9876: Use after free in WebGL
CVE-2026-9877: Use after free in ANGLE
CVE-2026-9878: Use after free in ANGLE
CVE-2026-9879: Out of bounds write in ANGLE
CVE-2026-9880: Insufficient validation of untrusted input in WebGL
CVE-2026-9881: Use after free in Bluetooth
CVE-2026-9882: Integer overflow in ANGLE
CVE-2026-9883: Use after free in Base
CVE-2026-9884: Use after free in Browser
CVE-2026-9885: Insufficient validation of untrusted input in UI
CVE-2026-9886: Use after free in Base
CVE-2026-9887: Use after free in Proxy
CVE-2026-9888: Use after free in WebView
CVE-2026-9889: Out of bounds read and write in Dawn
CVE-2026-9890: Use after free in XR
CVE-2026-9891: Use after free in Extensions
CVE-2026-9892: Inappropriate implementation in Skia
CVE-2026-9893: Use after free in Skia
CVE-2026-9894: Use after free in GPU
CVE-2026-9895: Out of bounds read in GPU
CVE-2026-9896: Out of bounds write in V8
CVE-2026-9897: Use after free in DOM
CVE-2026-9898: Insufficient validation of untrusted input in GPU
CVE-2026-9899: Use after free in ANGLE
CVE-2026-9900: Out of bounds write in ANGLE
CVE-2026-9901: Use after free in ANGLE
CVE-2026-9902: Use after free in Accessibility
CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
CVE-2026-9904: Use after free in ANGLE
CVE-2026-9905: Use after free in Accessibility
CVE-2026-9906: Out of bounds write in GPU
CVE-2026-9907: Out of bounds read in Dawn
CVE-2026-9908: Out of bounds read in ANGLE
CVE-2026-9909: Integer overflow in Skia
CVE-2026-9910: Out of bounds memory access in ANGLE
CVE-2026-9911: Integer overflow in ANGLE
CVE-2026-9912: Inappropriate implementation in GPU
CVE-2026-9913: Inappropriate implementation in ANGLE
CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
CVE-2026-9915: Heap buffer overflow in ANGLE
CVE-2026-9916: Out of bounds write in ANGLE
CVE-2026-9917: Uninitialized Use in WebGL
CVE-2026-9918: Inappropriate implementation in Tint
CVE-2026-9919: Out of bounds read in WebGL
CVE-2026-9920: Uninitialized Use in GPU
CVE-2026-9921: Uninitialized Use in WebGL
CVE-2026-9922: Use after free in GPU
CVE-2026-9923: Use after free in Skia
CVE-2026-9924: Heap buffer overflow in ANGLE
CVE-2026-9925: Use after free in ANGLE
CVE-2026-9926: Heap buffer overflow in ANGLE
CVE-2026-9927: Use after free in ANGLE
CVE-2026-9928: Out of bounds read in ANGLE
CVE-2026-9929: Inappropriate implementation in WebGL
CVE-2026-9930: Out of bounds write in Dawn
CVE-2026-9931: Use after free in GPU
CVE-2026-9932: Use after free in ANGLE
CVE-2026-9933: Use after free in Input
CVE-2026-9934: Use after free in Aura
CVE-2026-9935: Uninitialized Use in ANGLE
CVE-2026-9936: Use after free in GFX
CVE-2026-9937: Use after free in UI
CVE-2026-9938: Inappropriate implementation in V8
CVE-2026-9939: Heap buffer overflow in WebCodecs
CVE-2026-9940: Heap buffer overflow in ANGLE
CVE-2026-9941: Use after free in ANGLE
CVE-2026-9942: Uninitialized Use in ANGLE
CVE-2026-9943: Out of bounds read in WebGL
CVE-2026-9944: Uninitialized Use in ANGLE
CVE-2026-9945: Use after free in Media
CVE-2026-9946: Use after free in ANGLE
CVE-2026-9947: Use after free in XML
CVE-2026-9948: Use after free in Views
CVE-2026-9949: Use after free in Core
CVE-2026-9950: Insufficient validation of untrusted input in iOS
CVE-2026-9951: Use after free in UI
CVE-2026-9952: Use after free in WebAudio
CVE-2026-9953: Out of bounds read in ANGLE
CVE-2026-9954: Use after free in TabStrip
CVE-2026-9955: Inappropriate implementation in iOS
CVE-2026-9956: Use after free in iOS
CVE-2026-9957: Use after free in PDF
CVE-2026-9958: Use after free in PDFium
CVE-2026-9959: Race in WebRTC
CVE-2026-9960: Integer overflow in PDFium
CVE-2026-9961: Use after free in SurfaceCapture
CVE-2026-9962: Use after free in WebRTC
CVE-2026-9963: Uninitialized Use in iOS
CVE-2026-9964: Use after free in Bluetooth
CVE-2026-9965: Out of bounds write in ANGLE
CVE-2026-9966: Integer overflow in XML
CVE-2026-9967: Out of bounds write in GPU
CVE-2026-9968: Integer overflow in V8
CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
CVE-2026-9970: Use after free in WebGL
CVE-2026-9971: Inappropriate implementation in iOS
CVE-2026-9972: Uninitialized Use in Gamepad
CVE-2026-9973: Out of bounds write in V8
CVE-2026-9974: Out of bounds write in GPU
CVE-2026-9975: Out of bounds read and write in ANGLE
CVE-2026-9976: Inappropriate implementation in USB
CVE-2026-9977: Insufficient validation of untrusted input in WebShare
CVE-2026-9978: Use after free in Glic
CVE-2026-9979: Insufficient validation of untrusted input in Input
CVE-2026-9980: Insufficient validation of untrusted input in Printing
CVE-2026-9981: Inappropriate implementation in Skia
CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
CVE-2026-9983: Type Confusion in Skia
CVE-2026-9984: Use after free in UI
CVE-2026-9985: Insufficient validation of untrusted input in Media
CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
CVE-2026-9988: Use after free in WebRTC
CVE-2026-9989: Inappropriate implementation in Media
CVE-2026-9990: Use after free in WebAppInstalls
CVE-2026-9991: Inappropriate implementation in Media
CVE-2026-9992: Use after free in Network
CVE-2026-9993: Use after free in Views
CVE-2026-9994: Use after free in Core
CVE-2026-9995: Use after free in WebXR
CVE-2026-9996: Out of bounds read in WebRTC
CVE-2026-9997: Use after free in Input
CVE-2026-9998: Integer overflow in Skia
CVE-2026-9999: Inappropriate implementation in ANGLE
CVE-2026-10000: Use after free in Passwords
CVE-2026-10001: Use after free in PerformanceManager
CVE-2026-10002: Use after free in PDFium
CVE-2026-10003: Use after free in Views
CVE-2026-10004: Insufficient validation of untrusted input in Passwords
CVE-2026-10005: Use after free in WebAppInstalls
CVE-2026-10006: Race in WebAudio
CVE-2026-10007: Use after free in SVG
CVE-2026-10008: Uninitialized Use in GPU
CVE-2026-10009: Integer overflow in Skia
CVE-2026-10010: Inappropriate implementation in Input
CVE-2026-10011: Inappropriate implementation in Skia
CVE-2026-10012: Use after free in Skia
CVE-2026-10013: Use after free in WebCodecs
CVE-2026-10014: Use after free in WebMIDI
CVE-2026-10015: Integer overflow in WTF
CVE-2026-10016: Use after free in DOM
CVE-2026-10017: Out of bounds read in Headless
CVE-2026-10018: Integer overflow in ANGLE
CVE-2026-10019: Integer overflow in ANGLE
CVE-2026-10020: Insufficient validation of untrusted input in Skia
CVE-2026-10021: Insufficient validation of untrusted input in USB
CVE-2026-10022: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 29 2026 Than Ngo [than@redhat.com] - 148.0.7778.215-1
- Update to 148.0.7778.215
* CVE-2026-9872: Out of bounds write in GPU
* CVE-2026-9873: Use after free in Network
* CVE-2026-9874: Use after free in Dawn
* CVE-2026-9875: Out of bounds read in WebGL
* CVE-2026-9876: Use after free in WebGL
* CVE-2026-9877: Use after free in ANGLE
* CVE-2026-9878: Use after free in ANGLE
* CVE-2026-9879: Out of bounds write in ANGLE
* CVE-2026-9880: Insufficient validation of untrusted input in WebGL
* CVE-2026-9881: Use after free in Bluetooth
* CVE-2026-9882: Integer overflow in ANGLE
* CVE-2026-9883: Use after free in Base
* CVE-2026-9884: Use after free in Browser
* CVE-2026-9885: Insufficient validation of untrusted input in UI
* CVE-2026-9886: Use after free in Base
* CVE-2026-9887: Use after free in Proxy
* CVE-2026-9888: Use after free in WebView
* CVE-2026-9889: Out of bounds read and write in Dawn
* CVE-2026-9890: Use after free in XR
* CVE-2026-9891: Use after free in Extensions
* CVE-2026-9892: Inappropriate implementation in Skia
* CVE-2026-9893: Use after free in Skia
* CVE-2026-9894: Use after free in GPU
* CVE-2026-9895: Out of bounds read in GPU
* CVE-2026-9896: Out of bounds write in V8
* CVE-2026-9897: Use after free in DOM
* CVE-2026-9898: Insufficient validation of untrusted input in GPU
* CVE-2026-9899: Use after free in ANGLE
* CVE-2026-9900: Out of bounds write in ANGLE
* CVE-2026-9901: Use after free in ANGLE
* CVE-2026-9902: Use after free in Accessibility
* CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
* CVE-2026-9904: Use after free in ANGLE
* CVE-2026-9905: Use after free in Accessibility
* CVE-2026-9906: Out of bounds write in GPU
* CVE-2026-9907: Out of bounds read in Dawn
* CVE-2026-9908: Out of bounds read in ANGLE
* CVE-2026-9909: Integer overflow in Skia
* CVE-2026-9910: Out of bounds memory access in ANGLE
* CVE-2026-9911: Integer overflow in ANGLE
* CVE-2026-9912: Inappropriate implementation in GPU
* CVE-2026-9913: Inappropriate implementation in ANGLE
* CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9915: Heap buffer overflow in ANGLE
* CVE-2026-9916: Out of bounds write in ANGLE
* CVE-2026-9917: Uninitialized Use in WebGL
* CVE-2026-9918: Inappropriate implementation in Tint
* CVE-2026-9919: Out of bounds read in WebGL
* CVE-2026-9920: Uninitialized Use in GPU
* CVE-2026-9921: Uninitialized Use in WebGL
* CVE-2026-9922: Use after free in GPU
* CVE-2026-9923: Use after free in Skia
* CVE-2026-9924: Heap buffer overflow in ANGLE
* CVE-2026-9925: Use after free in ANGLE
* CVE-2026-9926: Heap buffer overflow in ANGLE
* CVE-2026-9927: Use after free in ANGLE
* CVE-2026-9928: Out of bounds read in ANGLE
* CVE-2026-9929: Inappropriate implementation in WebGL
* CVE-2026-9930: Out of bounds write in Dawn
* CVE-2026-9931: Use after free in GPU
* CVE-2026-9932: Use after free in ANGLE
* CVE-2026-9933: Use after free in Input
* CVE-2026-9934: Use after free in Aura
* CVE-2026-9935: Uninitialized Use in ANGLE
* CVE-2026-9936: Use after free in GFX
* CVE-2026-9937: Use after free in UI
* CVE-2026-9938: Inappropriate implementation in V8
* CVE-2026-9939: Heap buffer overflow in WebCodecs
* CVE-2026-9940: Heap buffer overflow in ANGLE
* CVE-2026-9941: Use after free in ANGLE
* CVE-2026-9942: Uninitialized Use in ANGLE
* CVE-2026-9943: Out of bounds read in WebGL
* CVE-2026-9944: Uninitialized Use in ANGLE
* CVE-2026-9945: Use after free in Media
* CVE-2026-9946: Use after free in ANGLE
* CVE-2026-9947: Use after free in XML
* CVE-2026-9948: Use after free in Views
* CVE-2026-9949: Use after free in Core
* CVE-2026-9950: Insufficient validation of untrusted input in iOS
* CVE-2026-9951: Use after free in UI
* CVE-2026-9952: Use after free in WebAudio
* CVE-2026-9953: Out of bounds read in ANGLE
* CVE-2026-9954: Use after free in TabStrip
* CVE-2026-9955: Inappropriate implementation in iOS
* CVE-2026-9956: Use after free in iOS
* CVE-2026-9957: Use after free in PDF
* CVE-2026-9958: Use after free in PDFium
* CVE-2026-9959: Race in WebRTC
* CVE-2026-9960: Integer overflow in PDFium
* CVE-2026-9961: Use after free in SurfaceCapture
* CVE-2026-9962: Use after free in WebRTC
* CVE-2026-9963: Uninitialized Use in iOS
* CVE-2026-9964: Use after free in Bluetooth
* CVE-2026-9965: Out of bounds write in ANGLE
* CVE-2026-9966: Integer overflow in XML
* CVE-2026-9967: Out of bounds write in GPU
* CVE-2026-9968: Integer overflow in V8
* CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9970: Use after free in WebGL
* CVE-2026-9971: Inappropriate implementation in iOS
* CVE-2026-9972: Uninitialized Use in Gamepad
* CVE-2026-9973: Out of bounds write in V8
* CVE-2026-9974: Out of bounds write in GPU
* CVE-2026-9975: Out of bounds read and write in ANGLE
* CVE-2026-9976: Inappropriate implementation in USB
* CVE-2026-9977: Insufficient validation of untrusted input in WebShare
* CVE-2026-9978: Use after free in Glic
* CVE-2026-9979: Insufficient validation of untrusted input in Input
* CVE-2026-9980: Insufficient validation of untrusted input in Printing
* CVE-2026-9981: Inappropriate implementation in Skia
* CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9983: Type Confusion in Skia
* CVE-2026-9984: Use after free in UI
* CVE-2026-9985: Insufficient validation of untrusted input in Media
* CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
* CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-9988: Use after free in WebRTC
* CVE-2026-9989: Inappropriate implementation in Media
* CVE-2026-9990: Use after free in WebAppInstalls
* CVE-2026-9991: Inappropriate implementation in Media
* CVE-2026-9992: Use after free in Network
* CVE-2026-9993: Use after free in Views
* CVE-2026-9994: Use after free in Core
* CVE-2026-9995: Use after free in WebXR
* CVE-2026-9996: Out of bounds read in WebRTC
* CVE-2026-9997: Use after free in Input
* CVE-2026-9998: Integer overflow in Skia
* CVE-2026-9999: Inappropriate implementation in ANGLE
* CVE-2026-10000: Use after free in Passwords
* CVE-2026-10001: Use after free in PerformanceManager
* CVE-2026-10002: Use after free in PDFium
* CVE-2026-10003: Use after free in Views
* CVE-2026-10004: Insufficient validation of untrusted input in Passwords
* CVE-2026-10005: Use after free in WebAppInstalls
* CVE-2026-10006: Race in WebAudio
* CVE-2026-10007: Use after free in SVG
* CVE-2026-10008: Uninitialized Use in GPU
* CVE-2026-10009: Integer overflow in Skia
* CVE-2026-10010: Inappropriate implementation in Input
* CVE-2026-10011: Inappropriate implementation in Skia
* CVE-2026-10012: Use after free in Skia
* CVE-2026-10013: Use after free in WebCodecs
* CVE-2026-10014: Use after free in WebMIDI
* CVE-2026-10015: Integer overflow in WTF
* CVE-2026-10016: Use after free in DOM
* CVE-2026-10017: Out of bounds read in Headless
* CVE-2026-10018: Integer overflow in ANGLE
* CVE-2026-10019: Integer overflow in ANGLE
* CVE-2026-10020: Insufficient validation of untrusted input in Skia
* CVE-2026-10021: Insufficient validation of untrusted input in USB
* CVE-2026-10022: Type Confusion in V8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a688180654' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: suricata-8.0.5-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-53a00bb643
2026-06-01 00:48:39.785078+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 44
Version : 8.0.5
Release : 1.fc44
URL : https://suricata.io/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

Upstream bugfix/security release
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Jason Taylor [jtfas90@proton.me] - 8.0.5-1
- Upstream security/bugfix release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-53a00bb643' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: mingw-objfw-1.5.4-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-59c21cd48b
2026-06-01 00:48:39.785075+00:00
--------------------------------------------------------------------------------

Name : mingw-objfw
Product : Fedora 44
Version : 1.5.4
Release : 1.fc44
URL : https://objfw.nil.im
Summary : MinGW port of ObjFW
Description :
ObjFW is a portable, lightweight framework for the Objective-C language. It
enables you to write an application in Objective-C that will run on any
platform supported by ObjFW without having to worry about differences between
operating systems or various frameworks you would otherwise need if you want to
be portable.

It supports all modern Objective-C features when using Clang, but is also
compatible with GCC ??? 4.6 to allow maximum portability.

ObjFW also comes with its own lightweight and extremely fast Objective-C
runtime, which in real world use cases was found to be significantly faster
than both GNU's and Apple's runtime.

--------------------------------------------------------------------------------
Update Information:

Update to 1.5.4.
Fixes a buffer overflow caused by integer promotion rules in
OFBMPImageFormatHandler and OFQOIImageFormatHandler.
Update to 1.5.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.4-1
- Update to 1.5.4
* Wed May 20 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.3-1
- Update to 1.5.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-59c21cd48b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: objfw-1.5.4-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f9938a84c7
2026-06-01 00:48:39.785072+00:00
--------------------------------------------------------------------------------

Name : objfw
Product : Fedora 44
Version : 1.5.4
Release : 1.fc44
URL : https://objfw.nil.im
Summary : Portable, lightweight framework for the Objective-C language
Description :
ObjFW is a portable, lightweight framework for the Objective-C language. It
enables you to write an application in Objective-C that will run on any
platform supported by ObjFW without having to worry about differences between
operating systems or various frameworks you would otherwise need if you want to
be portable.

It supports all modern Objective-C features when using Clang, but is also
compatible with GCC ??? 4.6 to allow maximum portability.

ObjFW also comes with its own lightweight and extremely fast Objective-C
runtime, which in real world use cases was found to be significantly faster
than both GNU's and Apple's runtime.

--------------------------------------------------------------------------------
Update Information:

Update to 1.5.4.
Fixes a buffer overflow caused by integer promotion rules in
OFBMPImageFormatHandler and OFQOIImageFormatHandler.
Update to 1.5.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.4-1
- Update to 1.5.4
* Wed May 20 2026 Jonathan Schleifer [js@fedoraproject.org] - 1.5.3-1
- Update to 1.5.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f9938a84c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: perl-Crypt-PasswdMD5-1.4.3-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-30d86fe986
2026-06-01 00:48:39.785062+00:00
--------------------------------------------------------------------------------

Name : perl-Crypt-PasswdMD5
Product : Fedora 44
Version : 1.4.3
Release : 1.fc44
URL : https://metacpan.org/release/Crypt-PasswdMD5
Summary : Provides interoperable MD5-based crypt() functions
Description :
This package provides MD5-based crypt() functions.

--------------------------------------------------------------------------------
Update Information:

This update uses a cryptographically strong random number source rather than
perl's rand() function to generate random salt values when required
(CVE-2026-6659)
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 23 2026 Paul Howarth - 1.4.3-1
- Update to 1.43
- Replace use of the cryptographically weak rand() function with the much
stronger Crypt::URandom::urandom() (GH#3, CVE-2026-6659, rhbz#2479575)
- Add Encode, Exporter, ExtUtils::MakeMaker to Makefile.PL
- Add files AI_POLICY.md and SECURITY.md
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479575 - CVE-2026-6659 perl: Crypt::PasswdMD5: Weak cryptographic salts due to predictable random number generation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2479575
[ 2 ] Bug #2480988 - perl-Crypt-PasswdMD5-1.43 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480988
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-30d86fe986' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: libsoup3-3.6.6-8.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ce6cab40ac
2026-06-01 00:48:39.785049+00:00
--------------------------------------------------------------------------------

Name : libsoup3
Product : Fedora 44
Version : 3.6.6
Release : 8.fc44
URL : https://wiki.gnome.org/Projects/libsoup
Summary : Soup, an HTTP library implementation
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it), but the SOAP parts were removed
long ago.

--------------------------------------------------------------------------------
Update Information:

Patch for CVE-2026-5119
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 20 2026 Luigi Pavan [lpavan@redhat.com] - 3.6.6-8
- Fix CVE-2026-5119: cookies sent in cleartext to HTTP proxy for HTTPS
requests
* Mon Apr 27 2026 Michael Catanzaro [mcatanzaro@gnome.org] - 3.6.6-7
- Tighten glib-networking dependency to Requires
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452935 - CVE-2026-5119 libsoup3: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452935
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ce6cab40ac' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


Symfony, Chromium, Git LFS, Keystone, and Dovecot updates for Debian

PHP, Python, Fence-Agents and Virtual Networking updates for RHEL

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...