Fedora recently released security notifications covering three distinct software updates across its version 43 and 44 Linux distributions. A critical patch resolves an out of bounds write vulnerability in Skia affecting the chromium browser package on Fedora 43 specifically. Systemd gains better sanitization while forgejo receives a new release with upstream bug fixes included. Applying these changes safely requires administrators to run the dnf upgrade command using the specific advisory identifiers listed at the end of each notice.

Fedora 43 Update: chromium-146.0.7680.80-1.fc43
Fedora 44 Update: systemd-259.5-1.fc44
Fedora 44 Update: forgejo-14.0.3-1.fc44

[SECURITY] Fedora 43 Update: chromium-146.0.7680.80-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-44c7458a92
2026-03-18 01:08:58.822451+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 146.0.7680.80
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 146.0.7680.80
* CVE-2026-3909: Out of bounds write in Ski
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 14 2026 Than Ngo [than@redhat.com] - 146.0.7680.80-1
- Update to 146.0.7680.80
* CVE-2026-3909: Out of bounds write in Skia
* Fri Mar 13 2026 Than Ngo [than@redhat.com] - 146.0.7680.75-1
- Update to 146.0.7680.75
* CVE-2026-3910: Inappropriate implementation in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447254 - CVE-2026-3909 CVE-2026-3910 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447254
[ 2 ] Bug #2447255 - CVE-2026-3909 CVE-2026-3910 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447255
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-44c7458a92' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: systemd-259.5-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-67f57405ee
2026-03-18 00:14:40.063678+00:00
--------------------------------------------------------------------------------

Name : systemd
Product : Fedora 44
Version : 259.5
Release : 1.fc44
URL : https://systemd.io
Summary : System and Service Manager
Description :
systemd is a system and service manager that runs as PID 1 and starts the rest
of the system. It provides aggressive parallelization capabilities, uses socket
and D-Bus activation for starting services, offers on-demand starting of
daemons, keeps track of processes using Linux control groups, maintains mount
and automount points, and implements an elaborate transactional dependency-based
service control logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname, date, locale,
maintain a list of logged-in users, system accounts, runtime directories and
settings, and a logging daemons.

This package was built from the v259-stable branch of systemd.

--------------------------------------------------------------------------------
Update Information:

More bugfixes.
A bunch of bugfixes
More sanitization for invalid values received from hardware and firmware
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 13 2026 Zbigniew J??drzejewski-Szmek [zbyszek@amutable.com] - 259.5-1
- Version 259.5
- Even more fixes, incl. a fix for a bad patch in .4
* Thu Mar 12 2026 Zbigniew J??drzejewski-Szmek [zbyszek@amutable.com] - 259.4-1
- Version 259.4
- A bunch of bugfixes
- More sanitization for invalid values received from hardware and firmware
* Thu Mar 12 2026 Marcin Juszkiewicz [mjuszkiewicz@redhat.com] - 259.3-3
- riscv64 port has LTO disabled
* Thu Mar 5 2026 Hans de Goede [johannes.goede@oss.qualcomm.com] - 259.3-2
- Silence false positive "HWID match failed, no DT blob" error
(rhbz#2444759)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447267 - CVE-2026-4105 systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447267
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-67f57405ee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 44 Update: forgejo-14.0.3-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a02182de40
2026-03-18 00:14:40.063614+00:00
--------------------------------------------------------------------------------

Name : forgejo
Product : Fedora 44
Version : 14.0.3
Release : 1.fc44
URL : https://forgejo.org
Summary : A lightweight software forge
Description :
Forgejo (pronounced /for??d????e.jo/) is a lightweight software forge. Use it to
host git repositories, track their issues and allow people to contribute to
them!

--------------------------------------------------------------------------------
Update Information:

This is an upstream bug and security fix release. Please view the upstream
release notes for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2026 Nils Philippsen [nils@redhat.com] - 14.0.3-1
- Update to 14.0.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a02182de40' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------