CUPS, Tinyproxy, Sudo, and more updates for Fedora

Fedora Linux 9323 Published by

Fedora 42 and Fedora 43 have received a broad wave of security updates targeting dozens of widely used packages like Chromium, Python 3.14, CUPS, and pgAdmin 4. These patches address numerous vulnerabilities ranging from critical heap buffer overflows and use-after-free errors to command injection flaws and privilege escalation risks. System administrators should prioritize installing these fixes immediately since unpatched systems remain exposed to potential remote code execution and denial of service attacks.

Fedora 42 Update: cups-2.4.17-1.fc42
Fedora 42 Update: tinyproxy-1.11.2-7.fc42
Fedora 42 Update: perl-Net-CIDR-Lite-0.23-1.fc42
Fedora 42 Update: python-cbor2-5.6.5-8.fc42
Fedora 42 Update: opkssh-0.13.0-8.fc42
Fedora 43 Update: sudo-1.9.17-7.p2.fc43
Fedora 43 Update: pie-1.4.1-1.fc43
Fedora 43 Update: pgadmin4-9.14-3.fc43
Fedora 43 Update: python3-docs-3.14.4-1.fc43
Fedora 43 Update: python3.14-3.14.4-1.fc43
Fedora 42 Update: chromium-147.0.7727.101-1.fc42
Fedora 42 Update: pie-1.4.1-1.fc42
Fedora 42 Update: composer-2.9.7-1.fc42
Fedora 42 Update: pgadmin4-9.14-3.fc42
Fedora 42 Update: libcap-2.73-3.fc42




[SECURITY] Fedora 42 Update: cups-2.4.17-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-34454fdb74
2026-04-22 11:41:11.030813+00:00
--------------------------------------------------------------------------------

Name : cups
Product : Fedora 42
Version : 2.4.17
Release : 1.fc42
URL : https://openprinting.github.io/cups/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX?? operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

2.4.17 - security fixes for CVE-2026-39316, CVE-2026-39314, CVE-2026-34979,
CVE-2026-34990, CVE-2026-27447, CVE-2026-34978
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2026 Zdenek Dohnal [zdohnal@redhat.com] - 1:2.4.17-1
- 2.4.17 (fedora#2456363, fedora#2456362, fedora#2454994, fedora#2454993,
fedora#2454992, fedora#2454990)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2454946 - CVE-2026-34979 cups: OpenPrinting CUPS: Denial of Service via heap-based buffer overflow in job attribute processing
https://bugzilla.redhat.com/show_bug.cgi?id=2454946
[ 2 ] Bug #2454947 - CVE-2026-34990 cups: OpenPrinting CUPS: Privilege escalation via arbitrary file overwrite due to coerced authentication
https://bugzilla.redhat.com/show_bug.cgi?id=2454947
[ 3 ] Bug #2454949 - CVE-2026-27447 cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison
https://bugzilla.redhat.com/show_bug.cgi?id=2454949
[ 4 ] Bug #2454954 - CVE-2026-34980 cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
https://bugzilla.redhat.com/show_bug.cgi?id=2454954
[ 5 ] Bug #2454957 - CVE-2026-34978 cups: OpenPrinting CUPS: Denial of Service via path traversal in RSS notifier
https://bugzilla.redhat.com/show_bug.cgi?id=2454957
[ 6 ] Bug #2456107 - CVE-2026-39314 cups: CUPS: Denial of Service via integer underflow in IPP attribute handling
https://bugzilla.redhat.com/show_bug.cgi?id=2456107
[ 7 ] Bug #2456120 - CVE-2026-39316 cups: CUPS: Denial of Service and potential arbitrary code execution via use-after-free vulnerability when deleting temporary printers.
https://bugzilla.redhat.com/show_bug.cgi?id=2456120
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-34454fdb74' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: tinyproxy-1.11.2-7.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d67a979089
2026-04-22 11:41:11.030779+00:00
--------------------------------------------------------------------------------

Name : tinyproxy
Product : Fedora 42
Version : 1.11.2
Release : 7.fc42
URL : https://tinyproxy.github.io/
Summary : A small, efficient HTTP/SSL proxy daemon
Description :
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a
small network setting, where a larger proxy like Squid would either be too
resource intensive, or a security risk.

--------------------------------------------------------------------------------
Update Information:

Backport upstream fixes for CVE-2026-3945 and CVE-2026-31842.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 11 2026 Carl George [carlwgeorge@fedoraproject.org] - 1.11.2-7
- Backport upstream CVE fixes
- Fixes CVE-2026-3945
- Fixes CVE-2026-31842
- Run upstream test suite
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.11.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452969 - CVE-2026-3945 tinyproxy: tinyproxy: Denial of Service via integer overflow in HTTP chunked transfer encoding parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452969
[ 2 ] Bug #2455913 - CVE-2026-31842 tinyproxy: HTTP Request parsing desynchronization via case-sensitive Transfer-Encoding handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455913
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d67a979089' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: perl-Net-CIDR-Lite-0.23-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4b112416d8
2026-04-22 11:41:11.030786+00:00
--------------------------------------------------------------------------------

Name : perl-Net-CIDR-Lite
Product : Fedora 42
Version : 0.23
Release : 1.fc42
URL : https://metacpan.org/release/Net-CIDR-Lite
Summary : Perl extension for merging IPv4 or IPv6 CIDR addresses
Description :
Faster alternative to Net::CIDR when merging a large number of CIDR address
ranges. Works for IPv4 and IPv6 addresses.

--------------------------------------------------------------------------------
Update Information:

This update addresses two security issues regarding incorrect handling of
malformed IPv6 addresses:
Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
Reject invalid uncompressed IPv6 (CVE-2026-40198)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 11 2026 Paul Howarth - 0.23-1
- Update to 0.23
- Security: Fix IPv4 mapped IPv6 packed length (CVE-2026-40199)
- Security: Reject invalid uncompressed IPv6 (CVE-2026-40198)
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.22-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.22-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4b112416d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: python-cbor2-5.6.5-8.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0afc953516
2026-04-22 11:41:11.030775+00:00
--------------------------------------------------------------------------------

Name : python-cbor2
Product : Fedora 42
Version : 5.6.5
Release : 8.fc42
URL : https://github.com/agronholm/cbor2
Summary : Python CBOR (de)serializer with extensive tag support
Description :
This library provides encoding and decoding for the Concise Binary Object
Representation (CBOR) (RFC 7049) serialization format.

--------------------------------------------------------------------------------
Update Information:

Backport upstream patch for CVE-2025-64076
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2026 Carl George [carlwgeorge@fedoraproject.org] - 5.6.5-8
- Backport upstream patch for CVE-2025-64076
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 5.6.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Sep 19 2025 Python Maint - 5.6.5-6
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint - 5.6.5-5
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.6.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Python Maint - 5.6.5-3
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2418105 - CVE-2025-64076 python-cbor2: cbor2: Integer Underflow and Memory Leak leading to Denial of Service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0afc953516' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: opkssh-0.13.0-8.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-245867ac28
2026-04-22 11:41:11.030781+00:00
--------------------------------------------------------------------------------

Name : opkssh
Product : Fedora 42
Version : 0.13.0
Release : 8.fc42
URL : https://github.com/openpubkey/opkssh
Summary : OpenPubkey SSH
Description :
OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect
allowing SSH access to be managed via identities like alice@example.com instead
of long-lived SSH keys.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-34986 in bundled go-jose
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 11 2026 Till Hofmann [thofmann@fedoraproject.org] - 0.13.0-8
- Update bundled go-jose to v4.1.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455639 - CVE-2026-34986 opkssh: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455639
[ 2 ] Bug #2455667 - CVE-2026-34986 opkssh: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2455667
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-245867ac28' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: sudo-1.9.17-7.p2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e860be4db8
2026-04-23 01:08:14.063118+00:00
--------------------------------------------------------------------------------

Name : sudo
Product : Fedora 43
Version : 1.9.17
Release : 7.p2.fc43
URL : https://www.sudo.ws
Summary : Allows restricted root access for specified users
Description :
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-35535
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Alejandro L??pez [allopez@redhat.com] - 1.9.17-7.p2
- Fix CVE-2026-35535
- Resolves: rhbz#2458153
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e860be4db8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: pie-1.4.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3f4283f831
2026-04-23 01:08:14.063017+00:00
--------------------------------------------------------------------------------

Name : pie
Product : Fedora 43
Version : 1.4.1
Release : 1.fc43
URL : https://github.com/php/pie
Summary : PHP Installer for Extensions
Description :
PIE (PHP Installer for Extensions).

PIE can install an extension to any installed PHP version.

A list of extensions that support PIE can be found on
https://packagist.org/extensions.

Documentation: /usr/share/doc/pie/docs/usage.md

--------------------------------------------------------------------------------
Update Information:

Version 1.4.1
Update bundled Composer to 2.9.7
Version 1.4.0
New features!
Prompt to install missing system dependencies
Prompt to install build toolchain
Support pre-packaged-binary for download-url-method
Support INSTALL_ROOT environment variable to override destination
For more information, see Upstream annoucenement
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Remi Collet [remi@remirepo.net] - 1.4.1-1
- update to 1.4.1
* Wed Apr 8 2026 Remi Collet [remi@remirepo.net] - 1.4.0-1
- update to 1.4.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3f4283f831' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: pgadmin4-9.14-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e9ecdd44c4
2026-04-23 01:08:14.062994+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 43
Version : 9.14
Release : 3.fc43
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718.
Update to pgadmin4-9.14.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Sandro Mani [manisandro@gmail.com] - 9.14-3
- Add pgadmin4_CVE-2026-40175.prebundle.patch
* Thu Apr 9 2026 Sandro Mani [manisandro@gmail.com] - 9.14-2
- Rework vendor bundle, use corepack yarn
* Thu Apr 2 2026 Sandro Mani [manisandro@gmail.com] - 9.14-1
- Update to 9.14
* Thu Apr 2 2026 Sandro Mani [manisandro@gmail.com] - 9.13-2
- Refresh vendor bundle, fixes CVE-2026-4800
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2454043 - CVE-2026-4800 pgadmin4: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454043
[ 2 ] Bug #2454310 - pgadmin4-9.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2454310
[ 3 ] Bug #2454886 - Query Tool crashes with React error #130 in pgAdmin 9.14 (regression from 9.13)
https://bugzilla.redhat.com/show_bug.cgi?id=2454886
[ 4 ] Bug #2456577 - CVE-2026-39865 pgadmin4: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456577
[ 5 ] Bug #2457505 - CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457505
[ 6 ] Bug #2457878 - CVE-2026-40175 pgadmin4: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457878
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e9ecdd44c4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python3-docs-3.14.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9a8fddee0b
2026-04-23 01:08:14.062938+00:00
--------------------------------------------------------------------------------

Name : python3-docs
Product : Fedora 43
Version : 3.14.4
Release : 1.fc43
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.

--------------------------------------------------------------------------------
Update Information:

New minor version of the Python interpreter
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Karolina Surma [ksurma@redhat.com] - 3.14.4-1
- Update to Python 3.14.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444707 - CVE-2026-2297 python3.14: CPython: Logging Bypass in Legacy .pyc File Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444707
[ 2 ] Bug #2448191 - CVE-2026-3644 python3.14: Incomplete control character validation in http.cookies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448191
[ 3 ] Bug #2448207 - CVE-2026-4224 python3.14: Stack overflow parsing XML with deeply nested DTD content models [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448207
[ 4 ] Bug #2449259 - CVE-2026-3479 python3.14: Python pkgutil.get_data(): Path Traversal via improper resource argument validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449259
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9a8fddee0b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: python3.14-3.14.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9a8fddee0b
2026-04-23 01:08:14.062938+00:00
--------------------------------------------------------------------------------

Name : python3.14
Product : Fedora 43
Version : 3.14.4
Release : 1.fc43
URL : https://www.python.org/
Summary : Version 3.14 of the Python interpreter
Description :
Python 3.14 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

New minor version of the Python interpreter
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 8 2026 Karolina Surma [ksurma@redhat.com] - 3.14.4-1
- Update to Python 3.14.4
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2444707 - CVE-2026-2297 python3.14: CPython: Logging Bypass in Legacy .pyc File Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2444707
[ 2 ] Bug #2448191 - CVE-2026-3644 python3.14: Incomplete control character validation in http.cookies [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448191
[ 3 ] Bug #2448207 - CVE-2026-4224 python3.14: Stack overflow parsing XML with deeply nested DTD content models [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448207
[ 4 ] Bug #2449259 - CVE-2026-3479 python3.14: Python pkgutil.get_data(): Path Traversal via improper resource argument validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449259
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9a8fddee0b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: chromium-147.0.7727.101-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3675ac2066
2026-04-23 00:55:31.005427+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 147.0.7727.101
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 147.0.7727.101
Critical CVE-2026-6296: Heap buffer overflow in ANGLE
Critical CVE-2026-6297: Use after free in Proxy
Critical CVE-2026-6298: Heap buffer overflow in Skia
Critical CVE-2026-6299: Use after free in Prerender
Critical CVE-2026-6358: Use after free in XR
High CVE-2026-6359: Use after free in Video
High CVE-2026-6300: Use after free in CSS
High CVE-2026-6301: Type Confusion in Turbofan
High CVE-2026-6302: Use after free in Video
High CVE-2026-6303: Use after free in Codecs
High CVE-2026-6304: Use after free in Graphite
High CVE-2026-6305: Heap buffer overflow in PDFium
High CVE-2026-6306: Heap buffer overflow in PDFium
High CVE-2026-6307: Type Confusion in Turbofan
High CVE-2026-6308: Out of bounds read in Media
High CVE-2026-6309: Use after free in Viz
High CVE-2026-6360: Use after free in FileSystem
High CVE-2026-6310: Use after free in Dawn
High CVE-2026-6311: Uninitialized Use in Accessibility
High CVE-2026-6312: Insufficient policy enforcement in Passwords
High CVE-2026-6313: Insufficient policy enforcement in CORS
High CVE-2026-6314: Out of bounds write in GPU
High CVE-2026-6315: Use after free in Permissions
High CVE-2026-6316: Use after free in Forms
High CVE-2026-6361: Heap buffer overflow in PDFium
High CVE-2026-6362: Use after free in Codecs
High CVE-2026-6317: Use after free in Cast
Medium CVE-2026-6363: Type Confusion in V8
Medium CVE-2026-6318: Use after free in Codecs
Medium CVE-2026-6319: Use after free in Payments
Medium CVE-2026-6364: Out of bounds read in Skia
Update to 147.0.7727.55
Critical CVE-2026-5858: Heap buffer overflow in WebML
Critical CVE-2026-5859: Integer overflow in WebML
High CVE-2026-5860: Use after free in WebRTC
High CVE-2026-5861: Use after free in V8
High CVE-2026-5862: Inappropriate implementation in V8
High CVE-2026-5863: Inappropriate implementation in V8
High CVE-2026-5864: Heap buffer overflow in WebAudio
High CVE-2026-5865: Type Confusion in V8
High CVE-2026-5866: Use after free in Media
High CVE-2026-5867: Heap buffer overflow in WebML
High CVE-2026-5868: Heap buffer overflow in ANGLE
High CVE-2026-5869: Heap buffer overflow in WebML
High CVE-2026-5870: Integer overflow in Skia
High CVE-2026-5871: Type Confusion in V8
High CVE-2026-5872: Use after free in Blink
High CVE-2026-5873: Out of bounds read and write in V8
Medium CVE-2026-5874: Use after free in PrivateAI
Medium CVE-2026-5875: Policy bypass in Blink
Medium CVE-2026-5876: Side-channel information leakage in Navigation
Medium CVE-2026-5877: Use after free in Navigation
Medium CVE-2026-5878: Incorrect security UI in Blink
Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
Medium CVE-2026-5880: Incorrect security UI in browser UI
Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
Medium CVE-2026-5882: Incorrect security UI in Fullscreen
Medium CVE-2026-5883: Use after free in Media
Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
Medium CVE-2026-5886: Out of bounds read in WebAudio
Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
Medium CVE-2026-5888: Uninitialized Use in WebCodecs
Medium CVE-2026-5889: Cryptographic Flaw in PDFium
Medium CVE-2026-5890: Race in WebCodecs
Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
Medium CVE-2026-5893: Race in V8
Low CVE-2026-5894: Inappropriate implementation in PDF
Low CVE-2026-5895: Incorrect security UI in Omnibox
Low CVE-2026-5896: Policy bypass in Audio
Low CVE-2026-5897: Incorrect security UI in Downloads
Low CVE-2026-5898: Incorrect security UI in Omnibox
Low CVE-2026-5899: Incorrect security UI in History Navigation
Low CVE-2026-5900: Policy bypass in Downloads
Low CVE-2026-5901: Policy bypass in DevTools
Low CVE-2026-5902: Race in Media
Low CVE-2026-5903: Policy bypass in IFrameSandbox
Low CVE-2026-5904: Use after free in V8
Low CVE-2026-5905: Incorrect security UI in Permissions
Low CVE-2026-5906: Incorrect security UI in Omnibox
Low CVE-2026-5907: Insufficient data validation in Media
Low CVE-2026-5908: Integer overflow in Media
Low CVE-2026-5909: Integer overflow in Media
Low CVE-2026-5910: Integer overflow in Media
Low CVE-2026-5911: Policy bypass in ServiceWorkers
Low CVE-2026-5912: Integer overflow in WebRTC
Low CVE-2026-5913: Out of bounds read in Blink
Low CVE-2026-5914: Type Confusion in CSS
Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
Low CVE-2026-5918: Inappropriate implementation in Navigation
Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets
Update to 146.0.7680.177
High CVE-2026-5273: Use after free in CSS
High CVE-2026-5272: Heap buffer overflow in GPU
High CVE-2026-5274: Integer overflow in Codecs
High CVE-2026-5275: Heap buffer overflow in ANGLE
High CVE-2026-5276: Insufficient policy enforcement in WebUSB
High CVE-2026-5277: Integer overflow in ANGLE
High CVE-2026-5278: Use after free in Web MIDI
High CVE-2026-5279: Object corruption in V8
High CVE-2026-5280: Use after free in WebCodecs
High CVE-2026-5281: Use after free in Dawn
High CVE-2026-5282: Out of bounds read in WebCodecs
High CVE-2026-5283: Inappropriate implementation in ANGLE
High CVE-2026-5284: Use after free in Dawn
High CVE-2026-5285: Use after free in WebGL
High CVE-2026-5286: Use after free in Dawn
High CVE-2026-5287: Use after free in PDF
High CVE-2026-5288: Use after free in WebView
High CVE-2026-5289: Use after free in Navigation
High CVE-2026-5290: Use after free in Compositing
Medium CVE-2026-5291: Inappropriate implementation in WebGL
Medium CVE-2026-5292: Out of bounds read in WebCodecs
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 15 2026 Than Ngo [than@redhat.com] - 147.0.7727.101-1
- Update to 147.0.7727.101
* Critical CVE-2026-6296: Heap buffer overflow in ANGLE
* Critical CVE-2026-6297: Use after free in Proxy
* Critical CVE-2026-6298: Heap buffer overflow in Skia
* Critical CVE-2026-6299: Use after free in Prerender
* Critical CVE-2026-6358: Use after free in XR
* High CVE-2026-6359: Use after free in Video
* High CVE-2026-6300: Use after free in CSS
* High CVE-2026-6301: Type Confusion in Turbofan
* High CVE-2026-6302: Use after free in Video
* High CVE-2026-6303: Use after free in Codecs
* High CVE-2026-6304: Use after free in Graphite
* High CVE-2026-6305: Heap buffer overflow in PDFium
* High CVE-2026-6306: Heap buffer overflow in PDFium
* High CVE-2026-6307: Type Confusion in Turbofan
* High CVE-2026-6308: Out of bounds read in Media
* High CVE-2026-6309: Use after free in Viz
* High CVE-2026-6360: Use after free in FileSystem
* High CVE-2026-6310: Use after free in Dawn
* High CVE-2026-6311: Uninitialized Use in Accessibility
* High CVE-2026-6312: Insufficient policy enforcement in Passwords
* High CVE-2026-6313: Insufficient policy enforcement in CORS
* High CVE-2026-6314: Out of bounds write in GPU
* High CVE-2026-6315: Use after free in Permissions
* High CVE-2026-6316: Use after free in Forms
* High CVE-2026-6361: Heap buffer overflow in PDFium
* High CVE-2026-6362: Use after free in Codecs
* High CVE-2026-6317: Use after free in Cast
* Medium CVE-2026-6363: Type Confusion in V8
* Medium CVE-2026-6318: Use after free in Codecs
* Medium CVE-2026-6319: Use after free in Payments
* Medium CVE-2026-6364: Out of bounds read in Skia
* Thu Apr 9 2026 Than Ngo [than@redhat.com] - 147.0.7727.55-1
- Update to 147.0.7727.55
* Critical CVE-2026-5858: Heap buffer overflow in WebML
* Critical CVE-2026-5859: Integer overflow in WebML
* High CVE-2026-5860: Use after free in WebRTC
* High CVE-2026-5861: Use after free in V8
* High CVE-2026-5862: Inappropriate implementation in V8
* High CVE-2026-5863: Inappropriate implementation in V8
* High CVE-2026-5864: Heap buffer overflow in WebAudio
* High CVE-2026-5865: Type Confusion in V8
* High CVE-2026-5866: Use after free in Media
* High CVE-2026-5867: Heap buffer overflow in WebML
* High CVE-2026-5868: Heap buffer overflow in ANGLE
* High CVE-2026-5869: Heap buffer overflow in WebML
* High CVE-2026-5870: Integer overflow in Skia
* High CVE-2026-5871: Type Confusion in V8
* High CVE-2026-5872: Use after free in Blink
* High CVE-2026-5873: Out of bounds read and write in V8
* Medium CVE-2026-5874: Use after free in PrivateAI
* Medium CVE-2026-5875: Policy bypass in Blink
* Medium CVE-2026-5876: Side-channel information leakage in Navigation
* Medium CVE-2026-5877: Use after free in Navigation
* Medium CVE-2026-5878: Incorrect security UI in Blink
* Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
* Medium CVE-2026-5880: Incorrect security UI in browser UI
* Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
* Medium CVE-2026-5882: Incorrect security UI in Fullscreen
* Medium CVE-2026-5883: Use after free in Media
* Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
* Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
* Medium CVE-2026-5886: Out of bounds read in WebAudio
* Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
* Medium CVE-2026-5888: Uninitialized Use in WebCodecs
* Medium CVE-2026-5889: Cryptographic Flaw in PDFium
* Medium CVE-2026-5890: Race in WebCodecs
* Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
* Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
* Medium CVE-2026-5893: Race in V8
* Low CVE-2026-5894: Inappropriate implementation in PDF
* Low CVE-2026-5895: Incorrect security UI in Omnibox
* Low CVE-2026-5896: Policy bypass in Audio
* Low CVE-2026-5897: Incorrect security UI in Downloads
* Low CVE-2026-5898: Incorrect security UI in Omnibox
* Low CVE-2026-5899: Incorrect security UI in History Navigation
* Low CVE-2026-5900: Policy bypass in Downloads
* Low CVE-2026-5901: Policy bypass in DevTools
* Low CVE-2026-5902: Race in Media
* Low CVE-2026-5903: Policy bypass in IFrameSandbox
* Low CVE-2026-5904: Use after free in V8
* Low CVE-2026-5905: Incorrect security UI in Permissions
* Low CVE-2026-5906: Incorrect security UI in Omnibox
* Low CVE-2026-5907: Insufficient data validation in Media
* Low CVE-2026-5908: Integer overflow in Media
* Low CVE-2026-5909: Integer overflow in Media
* Low CVE-2026-5910: Integer overflow in Media
* Low CVE-2026-5911: Policy bypass in ServiceWorkers
* Low CVE-2026-5912: Integer overflow in WebRTC
* Low CVE-2026-5913: Out of bounds read in Blink
* Low CVE-2026-5914: Type Confusion in CSS
* Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
* Low CVE-2026-5918: Inappropriate implementation in Navigation
* Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets
* Wed Apr 1 2026 Than Ngo [than@redhat.com] - 146.0.7680.177-1
- Update to 146.0.7680.177
* High CVE-2026-5273: Use after free in CSS
* High CVE-2026-5272: Heap buffer overflow in GPU
* High CVE-2026-5274: Integer overflow in Codecs
* High CVE-2026-5275: Heap buffer overflow in ANGLE
* High CVE-2026-5276: Insufficient policy enforcement in WebUSB
* High CVE-2026-5277: Integer overflow in ANGLE
* High CVE-2026-5278: Use after free in Web MIDI
* High CVE-2026-5279: Object corruption in V8
* High CVE-2026-5280: Use after free in WebCodecs
* High CVE-2026-5281: Use after free in Dawn
* High CVE-2026-5282: Out of bounds read in WebCodecs
* High CVE-2026-5283: Inappropriate implementation in ANGLE
* High CVE-2026-5284: Use after free in Dawn
* High CVE-2026-5285: Use after free in WebGL
* High CVE-2026-5286: Use after free in Dawn
* High CVE-2026-5287: Use after free in PDF
* High CVE-2026-5288: Use after free in WebView
* High CVE-2026-5289: Use after free in Navigation
* High CVE-2026-5290: Use after free in Compositing
* Medium CVE-2026-5291: Inappropriate implementation in WebGL
* Medium CVE-2026-5292: Out of bounds read in WebCodecs
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457163 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457163
[ 2 ] Bug #2457164 - CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457164
[ 3 ] Bug #2458847 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458847
[ 4 ] Bug #2458848 - CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458848
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3675ac2066' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: pie-1.4.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b2063832d
2026-04-23 00:55:31.005311+00:00
--------------------------------------------------------------------------------

Name : pie
Product : Fedora 42
Version : 1.4.1
Release : 1.fc42
URL : https://github.com/php/pie
Summary : PHP Installer for Extensions
Description :
PIE (PHP Installer for Extensions).

PIE can install an extension to any installed PHP version.

A list of extensions that support PIE can be found on
https://packagist.org/extensions.

Documentation: /usr/share/doc/pie/docs/usage.md

--------------------------------------------------------------------------------
Update Information:

Version 1.4.1
Update bundled Composer to 2.9.7
Version 1.4.0
New features!
Prompt to install missing system dependencies
Prompt to install build toolchain
Support pre-packaged-binary for download-url-method
Support INSTALL_ROOT environment variable to override destination
For more information, see Upstream annoucenement
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Remi Collet [remi@remirepo.net] - 1.4.1-1
- update to 1.4.1
* Wed Apr 8 2026 Remi Collet [remi@remirepo.net] - 1.4.0-1
- update to 1.4.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b2063832d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: composer-2.9.7-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d91f313a63
2026-04-23 00:55:31.005308+00:00
--------------------------------------------------------------------------------

Name : composer
Product : Fedora 42
Version : 2.9.7
Release : 1.fc42
URL : https://getcomposer.org/
Summary : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

--------------------------------------------------------------------------------
Update Information:

Version 2.9.7 - 2026-04-14
Fixes regression calling custom script command aliases that are called a
substring of a composer command (#12802)
Version 2.9.6 - 2026-04-14
Security: Fixed command injection via malicious Perforce reference (GHSA-
gqw4-4w2p-838q / CVE-2026-40261)
Security: Fixed command injection via malicious Perforce repository definition
(GHSA-wg36-wvj6-r67p / CVE-2026-40176)
Security: Fixed git credentials remaining in git mirror .git/config after clone
or update failed (2bcbfc3d)
Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing
(5e71d77e)
Security: Fixed Perforce unescaped user input in queryP4User shell command
(ef3fc088)
Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch
names starting with - do not cause issues (6621d45, d836b90, 5e08c764)
Fixed inconsistent treatment of SingleCommandApplication script commands wrt
autoloading (#12758)
Fixed GitHub API authentication errors not being visible to the user (#12737)
Fixed some platform package parsing failing when Composer runs in web SAPIs
(#12735)
Fixed error reporting for clarity when a constraint cannot be parsed (#12743)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Remi Collet [remi@remirepo.net] - 2.9.7-1
- update to 2.9.7
* Tue Apr 14 2026 Remi Collet [remi@remirepo.net] - 2.9.6-1
- update to 2.9.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2459009 - CVE-2026-40261 composer: command injection via malicious Perforce source reference/url [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2459009
[ 2 ] Bug #2459011 - CVE-2026-40176 composer: command injection via malicious Perforce repository definition [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2459011
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d91f313a63' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: pgadmin4-9.14-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b4633cbe23
2026-04-23 00:55:31.005293+00:00
--------------------------------------------------------------------------------

Name : pgadmin4
Product : Fedora 42
Version : 9.14
Release : 3.fc42
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.

--------------------------------------------------------------------------------
Update Information:

Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718.
Update to pgadmin4-9.14.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Sandro Mani [manisandro@gmail.com] - 9.14-3
- Add pgadmin4_CVE-2026-40175.prebundle.patch
* Thu Apr 9 2026 Sandro Mani [manisandro@gmail.com] - 9.14-2
- Rework vendor bundle, use corepack yarn
* Thu Apr 2 2026 Sandro Mani [manisandro@gmail.com] - 9.14-1
- Update to 9.14
* Thu Apr 2 2026 Sandro Mani [manisandro@gmail.com] - 9.13-2
- Refresh vendor bundle, fixes CVE-2026-4800
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2454043 - CVE-2026-4800 pgadmin4: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454043
[ 2 ] Bug #2454310 - pgadmin4-9.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2454310
[ 3 ] Bug #2454886 - Query Tool crashes with React error #130 in pgAdmin 9.14 (regression from 9.13)
https://bugzilla.redhat.com/show_bug.cgi?id=2454886
[ 4 ] Bug #2456577 - CVE-2026-39865 pgadmin4: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456577
[ 5 ] Bug #2457505 - CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457505
[ 6 ] Bug #2457878 - CVE-2026-40175 pgadmin4: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457878
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b4633cbe23' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: libcap-2.73-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d4c643a2ba
2026-04-23 00:55:31.005205+00:00
--------------------------------------------------------------------------------

Name : libcap
Product : Fedora 42
Version : 2.73
Release : 3.fc42
URL : https://sites.google.com/site/fullycapable/
Summary : Library for getting and setting POSIX.1e capabilities
Description :
libcap is a library for getting and setting POSIX.1e (formerly POSIX 6)
draft 15 capabilities.

--------------------------------------------------------------------------------
Update Information:

An update to patch a security vulnerability.
Advisory: https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHS
A-f78v-p5hx-m7hh
Changelog
* Mon Apr 06 2026 Carlos Rodriguez-Fernandez [carlosrodrifernandez@gmail.com] -
2.73-3
- Patch for security vulnerability
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 6 2026 Carlos Rodriguez-Fernandez [carlosrodrifernandez@gmail.com] - 2.73-3
- Patch for security vulnerability
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d4c643a2ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


OpenIDC, Inetutils, Packagekit, and more updates for Debian

Python, Perl-XML-Parser, Libarchive, and more updates for RHEL

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...