Fedora 42 Update: freerdp-3.20.2-1.fc42
Fedora 42 Update: cef-143.0.13^chromium143.0.7499.192-1.fc42
Fedora 42 Update: libpcap-1.10.6-1.fc42
Fedora 42 Update: golang-github-tetratelabs-wazero-1.11.0-1.fc42
Fedora 43 Update: cef-143.0.13^chromium143.0.7499.192-1.fc43
[SECURITY] Fedora 42 Update: freerdp-3.20.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a193f1698f
2026-01-21 01:30:15.162868+00:00
--------------------------------------------------------------------------------
Name : freerdp
Product : Fedora 42
Version : 3.20.2
Release : 1.fc42
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.
xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.
--------------------------------------------------------------------------------
Update Information:
Update to 3.20.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 14 2026 Ondrej Holy [oholy@redhat.com] - 2:3.20.2-1
- Update to 3.20.2
* Wed Jan 14 2026 Ondrej Holy [oholy@redhat.com] - 2:3.20.1-1
- Update to 3.20.1
Resolves: rhbz#2423151
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2429779 - CVE-2026-22857 freerdp: FreeRDP heap-use-after-free [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429779
[ 2 ] Bug #2429783 - CVE-2026-22852 freerdp: FreeRDP heap-buffer-overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429783
[ 3 ] Bug #2429785 - CVE-2026-22859 freerdp: FreeRDP heap-buffer-overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429785
[ 4 ] Bug #2429793 - CVE-2026-22853 freerdp: FreeRDP heap-buffer-overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429793
[ 5 ] Bug #2429798 - CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429798
[ 6 ] Bug #2429802 - CVE-2026-22855 freerdp: FreeRDP heap-buffer-overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429802
[ 7 ] Bug #2429805 - CVE-2026-22858 freerdp: FreeRDP global-buffer-overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429805
[ 8 ] Bug #2429810 - CVE-2026-22856 freerdp: FreeRDP heap-use-after-free [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429810
[ 9 ] Bug #2429811 - CVE-2026-22851 freerdp: FreeRDP RDPGFX ResetGraphics race [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429811
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a193f1698f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: cef-143.0.13^chromium143.0.7499.192-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2a94cc43d9
2026-01-21 01:30:15.162802+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 42
Version : 143.0.13^chromium143.0.7499.192
Release : 1.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 143.0.7499.192 [rhbz#2427842]
* High CVE-2026-0628: Insufficient policy enforcement in WebView tag
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 9 2026 Than Ngo [than@redhat.com] - 143.0.13^chromium143.0.7499.192-1
- Update to 143.0.7499.192 [rhbz#2427842]
- * High CVE-2026-0628: Insufficient policy enforcement in WebView tag
- Fix rhbz#2425338, Enable control flow integrity support for
x86_64/aarch64
- Enable build for epel10.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2427842 - cef-143.0.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2427842
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2a94cc43d9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: libpcap-1.10.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1e3425e7ea
2026-01-21 01:30:15.162774+00:00
--------------------------------------------------------------------------------
Name : libpcap
Product : Fedora 42
Version : 1.10.6
Release : 1.fc42
URL : https://www.tcpdump.org/
Summary : A system-independent interface for user-level packet capture
Description :
Libpcap provides a portable framework for low-level network
monitoring. Libpcap can provide network statistics collection,
security monitoring and network debugging. Since almost every system
vendor provides a different interface for packet capture, the libpcap
authors created this system-independent API to ease in porting and to
alleviate the need for several system-dependent packet capture modules
in each application.
Install libpcap if you need to do low-level network traffic monitoring
on your network.
--------------------------------------------------------------------------------
Update Information:
New version 1.10.6
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 5 2026 Michal Ruprich [mruprich@redhat.com] - 14:1.10.6-1
- New version 1.10.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2426393 - libpcap-1.10.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2426393
[ 2 ] Bug #2426630 - CVE-2025-11961 libpcap: libpcap: Memory corruption via malformed MAC-48 address input [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2426630
[ 3 ] Bug #2426631 - CVE-2025-11961 libpcap: libpcap: Memory corruption via malformed MAC-48 address input [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2426631
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1e3425e7ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: golang-github-tetratelabs-wazero-1.11.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b793fa382f
2026-01-21 01:30:15.162797+00:00
--------------------------------------------------------------------------------
Name : golang-github-tetratelabs-wazero
Product : Fedora 42
Version : 1.11.0
Release : 1.fc42
URL : https://github.com/tetratelabs/wazero
Summary : Wazero: the zero dependency WebAssembly runtime for Go developers
Description :
WebAssembly is a way to safely run code compiled in other languages. Runtimes
execute WebAssembly Modules (Wasm), which are most often binaries with a .wasm
extension.
wazero is a WebAssembly Core Specification 1.0 and 2.0 compliant runtime
written in Go. It has zero dependencies, and doesn't rely on CGO. This means
you can run applications in other languages and still keep cross compilation.
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.0 upstream release
Resolves: rhbz#2413614
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 12 2026 Packit [hello@packit.dev] - 1.11.0-1
- Update to 1.11.0 upstream release
- Resolves: rhbz#2413614
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 1.9.0-5
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 1.9.0-4
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399457 - CVE-2025-47906 golang-github-tetratelabs-wazero: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399457
[ 2 ] Bug #2413614 - golang-github-tetratelabs-wazero-1.11.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413614
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b793fa382f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: cef-143.0.13^chromium143.0.7499.192-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-77e3579a49
2026-01-21 01:10:49.670808+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 43
Version : 143.0.13^chromium143.0.7499.192
Release : 1.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 143.0.7499.192 [rhbz#2427842]
* High CVE-2026-0628: Insufficient policy enforcement in WebView tag
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 9 2026 Than Ngo [than@redhat.com] - 143.0.13^chromium143.0.7499.192-1
- Update to 143.0.7499.192 [rhbz#2427842]
- * High CVE-2026-0628: Insufficient policy enforcement in WebView tag
- Fix rhbz#2425338, Enable control flow integrity support for
x86_64/aarch64
- Enable build for epel10.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2427842 - cef-143.0.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2427842
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-77e3579a49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
