Containernetworking-Plugins, Chromium, Python-Multipart, Musescore updates for Fedora

Fedora Linux 9290 Published 2026-03-25 07:21 by Philipp Esselbach

News

Fedora users on versions 42, 43 and 44 need to apply several new security patches to fix vulnerabilities in popular packages like chromium and musescore. These updates address serious issues including container escape risks, memory corruption bugs, and improper input validation found within the browser engine. Other important fixes also appear for containernetworking-plugins and python-multipart alongside a major browser release containing many CVEs. System administrators can install these changes securely using the dnf upgrade command with the provided advisory identifiers.

Fedora 42 Update: containernetworking-plugins-1.9.1-1.fc42
Fedora 43 Update: chromium-146.0.7680.153-1.fc43
Fedora 43 Update: python-multipart-1.3.1-1.fc43
Fedora 43 Update: containernetworking-plugins-1.9.1-1.fc43
Fedora 44 Update: chromium-146.0.7680.153-1.fc44
Fedora 44 Update: musescore-4.6.5-37.fc44
Fedora 44 Update: containernetworking-plugins-1.9.1-1.fc44

[SECURITY] Fedora 42 Update: containernetworking-plugins-1.9.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7ed700921c
2026-03-25 02:08:12.251941+00:00
--------------------------------------------------------------------------------

Name : containernetworking-plugins
Product : Fedora 42
Version : 1.9.1
Release : 1.fc42
URL : https://github.com/containernetworking/plugins
Summary : Reference and example networking plugins, maintained by the CNI team
Description :

Reference and example networking plugins, maintained by the CNI team.
The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins. CNI concerns itself
only with network connectivity of containers and removing allocated resources
when the container is deleted.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.9.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.9.1-1
- Update to release v1.9.1
- Resolves: rhbz#2448053, rhbz#2423997, rhbz#2424031
- Upstream fixes
* Mon Feb 2 2026 Maxwell G [maxwell@gtmx.me] - 1.9.0-4
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423997 - [Minor Incident] CVE-2025-52881 containernetworking-plugins: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423997
[ 2 ] Bug #2424031 - [Minor Incident] CVE-2025-52881 containernetworking-plugins: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424031
[ 3 ] Bug #2448053 - containernetworking-plugins-1.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448053
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7ed700921c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: chromium-146.0.7680.153-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ae897eb928
2026-03-25 01:38:51.797407+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 146.0.7680.153
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 146.0.7680.153
* CVE-2026-4439: Out of bounds memory access in WebGL
* CVE-2026-4440: Out of bounds read and write in WebGL
* CVE-2026-4441: Use after free in Base
* CVE-2026-4442: Heap buffer overflow in CSS
* CVE-2026-4443: Heap buffer overflow in WebAudio
* CVE-2026-4444: Stack buffer overflow in WebRTC
* CVE-2026-4445: Use after free in WebRTC
* CVE-2026-4446: Use after free in WebRTC
* CVE-2026-4447: Inappropriate implementation in V8
* CVE-2026-4448: Heap buffer overflow in ANGLE
* CVE-2026-4449: Use after free in Blink
* CVE-2026-4450: Out of bounds write in V8
* CVE-2026-4451: Insufficient validation of untrusted input in Navigation
* CVE-2026-4452: Integer overflow in ANGLE
* CVE-2026-4453: Integer overflow in Dawn
* CVE-2026-4454: Use after free in Network
* CVE-2026-4455: Heap buffer overflow in PDFium
* CVE-2026-4456: Use after free in Digital Credentials API
* CVE-2026-4457: Type Confusion in V8
* CVE-2026-4458: Use after free in Extensions
* CVE-2026-4459: Out of bounds read and write in WebAudio
* CVE-2026-4460: Out of bounds read in Skia
* CVE-2026-4461: Inappropriate implementation in V8
* CVE-2026-4462: Out of bounds read in Blink
* CVE-2026-4463: Heap buffer overflow in WebRTC
* CVE-2026-4464: Integer overflow in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Than Ngo [than@redhat.com] - 146.0.7680.153-1
- Update to 146.0.7680.153
* CVE-2026-4439: Out of bounds memory access in WebGL
* CVE-2026-4440: Out of bounds read and write in WebGL
* CVE-2026-4441: Use after free in Base
* CVE-2026-4442: Heap buffer overflow in CSS
* CVE-2026-4443: Heap buffer overflow in WebAudio
* CVE-2026-4444: Stack buffer overflow in WebRTC
* CVE-2026-4445: Use after free in WebRTC
* CVE-2026-4446: Use after free in WebRTC
* CVE-2026-4447: Inappropriate implementation in V8
* CVE-2026-4448: Heap buffer overflow in ANGLE
* CVE-2026-4449: Use after free in Blink
* CVE-2026-4450: Out of bounds write in V8
* CVE-2026-4451: Insufficient validation of untrusted input in Navigation
* CVE-2026-4452: Integer overflow in ANGLE
* CVE-2026-4453: Integer overflow in Dawn
* CVE-2026-4454: Use after free in Network
* CVE-2026-4455: Heap buffer overflow in PDFium
* CVE-2026-4456: Use after free in Digital Credentials API
* CVE-2026-4457: Type Confusion in V8
* CVE-2026-4458: Use after free in Extensions
* CVE-2026-4459: Out of bounds read and write in WebAudio
* CVE-2026-4460: Out of bounds read in Skia
* CVE-2026-4461: Inappropriate implementation in V8
* CVE-2026-4462: Out of bounds read in Blink
* CVE-2026-4463: Heap buffer overflow in WebRTC
* CVE-2026-4464: Integer overflow in ANGLE
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ae897eb928' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: python-multipart-1.3.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5c75eb75d1
2026-03-25 01:38:51.797400+00:00
--------------------------------------------------------------------------------

Name : python-multipart
Product : Fedora 43
Version : 1.3.1
Release : 1.fc43
URL : https://github.com/defnull/multipart
Summary : Parser for multipart/form-data
Description :
This module provides a fast incremental non-blocking parser for
multipart/form-data [HTML5, RFC7578], as well as blocking alternatives for
easier use in WSGI or CGI applications.

--------------------------------------------------------------------------------
Update Information:

Update to version 1.3.1 to fix CVE-2026-28356.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2026 Carl George [carlwgeorge@fedoraproject.org] - 1.3.1-1
- Update to version 1.3.1 rhbz#2443306
- Fixes CVE-2026-28356 rhbz#2447328
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2447328 - CVE-2026-28356 python-multipart: denial of service via maliciously crafted HTTP or multipart segment headers [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2447328
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5c75eb75d1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: containernetworking-plugins-1.9.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8ee0451243
2026-03-25 01:38:51.797389+00:00
--------------------------------------------------------------------------------

Name : containernetworking-plugins
Product : Fedora 43
Version : 1.9.1
Release : 1.fc43
URL : https://github.com/containernetworking/plugins
Summary : Reference and example networking plugins, maintained by the CNI team
Description :

Reference and example networking plugins, maintained by the CNI team.
The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins. CNI concerns itself
only with network connectivity of containers and removing allocated resources
when the container is deleted.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.9.1
Resolves: rhbz#2448053, rhbz#2423997, rhbz#2424031
Upstream fixes
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.9.1-1
- Update to release v1.9.1
- Resolves: rhbz#2448053, rhbz#2423997, rhbz#2424031
- Upstream fixes
* Mon Feb 2 2026 Maxwell G [maxwell@gtmx.me] - 1.9.0-4
- Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423997 - [Minor Incident] CVE-2025-52881 containernetworking-plugins: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423997
[ 2 ] Bug #2424031 - [Minor Incident] CVE-2025-52881 containernetworking-plugins: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424031
[ 3 ] Bug #2448053 - containernetworking-plugins-1.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448053
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8ee0451243' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: chromium-146.0.7680.153-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-920df14fb5
2026-03-25 00:55:25.741845+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 146.0.7680.153
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 146.0.7680.153
* CVE-2026-4439: Out of bounds memory access in WebGL
* CVE-2026-4440: Out of bounds read and write in WebGL
* CVE-2026-4441: Use after free in Base
* CVE-2026-4442: Heap buffer overflow in CSS
* CVE-2026-4443: Heap buffer overflow in WebAudio
* CVE-2026-4444: Stack buffer overflow in WebRTC
* CVE-2026-4445: Use after free in WebRTC
* CVE-2026-4446: Use after free in WebRTC
* CVE-2026-4447: Inappropriate implementation in V8
* CVE-2026-4448: Heap buffer overflow in ANGLE
* CVE-2026-4449: Use after free in Blink
* CVE-2026-4450: Out of bounds write in V8
* CVE-2026-4451: Insufficient validation of untrusted input in Navigation
* CVE-2026-4452: Integer overflow in ANGLE
* CVE-2026-4453: Integer overflow in Dawn
* CVE-2026-4454: Use after free in Network
* CVE-2026-4455: Heap buffer overflow in PDFium
* CVE-2026-4456: Use after free in Digital Credentials API
* CVE-2026-4457: Type Confusion in V8
* CVE-2026-4458: Use after free in Extensions
* CVE-2026-4459: Out of bounds read and write in WebAudio
* CVE-2026-4460: Out of bounds read in Skia
* CVE-2026-4461: Inappropriate implementation in V8
* CVE-2026-4462: Out of bounds read in Blink
* CVE-2026-4463: Heap buffer overflow in WebRTC
* CVE-2026-4464: Integer overflow in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2026 Than Ngo [than@redhat.com] - 146.0.7680.153-1
- Update to 146.0.7680.153
* CVE-2026-4439: Out of bounds memory access in WebGL
* CVE-2026-4440: Out of bounds read and write in WebGL
* CVE-2026-4441: Use after free in Base
* CVE-2026-4442: Heap buffer overflow in CSS
* CVE-2026-4443: Heap buffer overflow in WebAudio
* CVE-2026-4444: Stack buffer overflow in WebRTC
* CVE-2026-4445: Use after free in WebRTC
* CVE-2026-4446: Use after free in WebRTC
* CVE-2026-4447: Inappropriate implementation in V8
* CVE-2026-4448: Heap buffer overflow in ANGLE
* CVE-2026-4449: Use after free in Blink
* CVE-2026-4450: Out of bounds write in V8
* CVE-2026-4451: Insufficient validation of untrusted input in Navigation
* CVE-2026-4452: Integer overflow in ANGLE
* CVE-2026-4453: Integer overflow in Dawn
* CVE-2026-4454: Use after free in Network
* CVE-2026-4455: Heap buffer overflow in PDFium
* CVE-2026-4456: Use after free in Digital Credentials API
* CVE-2026-4457: Type Confusion in V8
* CVE-2026-4458: Use after free in Extensions
* CVE-2026-4459: Out of bounds read and write in WebAudio
* CVE-2026-4460: Out of bounds read in Skia
* CVE-2026-4461: Inappropriate implementation in V8
* CVE-2026-4462: Out of bounds read in Blink
* CVE-2026-4463: Heap buffer overflow in WebRTC
* CVE-2026-4464: Integer overflow in ANGLE
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-920df14fb5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: musescore-4.6.5-37.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-390ce5262d
2026-03-25 00:55:25.741814+00:00
--------------------------------------------------------------------------------

Name : musescore
Product : Fedora 44
Version : 4.6.5
Release : 37.fc44
URL : https://musescore.org/
Summary : Music Composition & Notation Software
Description :
MuseScore is a free cross platform WYSIWYG music notation program. Some
highlights:

* WYSIWYG, notes are entered on a "virtual note sheet"
* Unlimited number of staves
* Up to four voices per staff
* Easy and fast note entry with mouse, keyboard or MIDI
* Integrated sequencer and FluidSynth software synthesizer
* Import and export of MusicXML and Standard MIDI Files (SMF)
* Translated in 26 languages

--------------------------------------------------------------------------------
Update Information:

Rebuilt with updated dr_wav to fix CVE-2026-29022.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 4 2026 Benjamin A. Beasley [code@musicinmybrain.net] - 4.6.5-37
- Rebuilt with updated dr_wav to fix CVE-2026-29022
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-390ce5262d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: containernetworking-plugins-1.9.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d6b4b4df31
2026-03-25 00:55:25.741810+00:00
--------------------------------------------------------------------------------

Name : containernetworking-plugins
Product : Fedora 44
Version : 1.9.1
Release : 1.fc44
URL : https://github.com/containernetworking/plugins
Summary : Reference and example networking plugins, maintained by the CNI team
Description :

Reference and example networking plugins, maintained by the CNI team.
The CNI (Container Network Interface) project consists of a specification
and libraries for writing plugins to configure network interfaces in Linux
containers, along with a number of supported plugins. CNI concerns itself
only with network connectivity of containers and removing allocated resources
when the container is deleted.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.9.1
Resolves: rhbz#2448053, rhbz#2423997, rhbz#2424031
Upstream fixes
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 1.9.1-1
- Update to release v1.9.1
- Resolves: rhbz#2448053, rhbz#2423997, rhbz#2424031
- Upstream fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423997 - [Minor Incident] CVE-2025-52881 containernetworking-plugins: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423997
[ 2 ] Bug #2424031 - [Minor Incident] CVE-2025-52881 containernetworking-plugins: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424031
[ 3 ] Bug #2448053 - containernetworking-plugins-1.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2448053
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d6b4b4df31' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Kali Linux 2026.1 released

Dracut, Xfsprogs, Yggdrasil, and more updates for Oracle Linux

Containernetworking-Plugins, Chromium, Python-Multipart, Musescore updates for Fedora

[SECURITY] Fedora 42 Update: containernetworking-plugins-1.9.1-1.fc42

[SECURITY] Fedora 43 Update: chromium-146.0.7680.153-1.fc43

[SECURITY] Fedora 43 Update: python-multipart-1.3.1-1.fc43

[SECURITY] Fedora 43 Update: containernetworking-plugins-1.9.1-1.fc43

[SECURITY] Fedora 44 Update: chromium-146.0.7680.153-1.fc44

[SECURITY] Fedora 44 Update: musescore-4.6.5-37.fc44

[SECURITY] Fedora 44 Update: containernetworking-plugins-1.9.1-1.fc44

Windows

Linux

macOS

Community