
Fedora 42 through 44 have received a fresh wave of security updates that touch several essential system tools and libraries. The updates patch critical weaknesses in glibc, chromium, firefox, nano, insight, nss, and rust-sequoia-git, addressing dangerous issues such as buffer overflows and use-after-free bugs. System administrators should install them quickly, since the unpatched flaws could let attackers run malicious code or crash affected machines. Each update can be applied with dnf using the exact advisory ID listed in its notification block.

Fedora 42 Update: rust-sequoia-git-0.6.0-1.fc42
Fedora 42 Update: insight-18.0.50.20260306-3.fc42
Fedora 43 Update: glibc-2.42-12.fc43
Fedora 43 Update: insight-18.0.50.20260306-3.fc43
Fedora 43 Update: rust-sequoia-git-0.6.0-1.fc43
Fedora 43 Update: nss-3.122.1-1.fc43
Fedora 43 Update: firefox-150.0-1.fc43
Fedora 44 Update: nano-8.7.1-2.fc44
Fedora 44 Update: chromium-147.0.7727.137-1.fc44



[SECURITY] Fedora 42 Update: rust-sequoia-git-0.6.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6f64d2e143
2026-05-03 01:21:32.130994+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-git
Product : Fedora 42
Version : 0.6.0
Release : 1.fc42
URL : https://crates.io/crates/sequoia-git
Summary : Tool for managing and enforcing a commit signing policy
Description :
A tool for managing and enforcing a commit signing policy.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.6.0. Addresses RUSTSEC-2026-0109.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 23 2026 Fabio Valentini [decathorpe@gmail.com] - 0.6.0-1
- Update to version 0.6.0; Fixes RHBZ#2460155
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6f64d2e143' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 42 Update: insight-18.0.50.20260306-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ce402e1f82
2026-05-03 01:21:32.130955+00:00
--------------------------------------------------------------------------------

Name : insight
Product : Fedora 42
Version : 18.0.50.20260306
Release : 3.fc42
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-6846.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2026 Patrick Monnerat [patrick@monnerat.net] 18.0.50.20260306-3
- Fix CVE-2026-6846.
https://sourceware.org/bugzilla/show_bug.cgi?id=34049
https://bugzilla.redhat.com/show_bug.cgi?id=2460525
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460525 - CVE-2026-6846 insight: Binutils: Arbitrary code execution via malformed XCOFF object file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460525
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ce402e1f82' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: glibc-2.42-12.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4b7780802c
2026-05-03 01:18:11.212694+00:00
--------------------------------------------------------------------------------

Name : glibc
Product : Fedora 43
Version : 2.42
Release : 12.fc43
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update provides various security fixes.
Buffer overflow in scanf %mc (CVE-2026-5450)
ns_sprintrrf buffer overreads (CVE-2026-6238)
ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435)
Memory corruption in ungetwc (CVE-2026-5928)
Assertion failure in iconv with IBM1390, IBM1399 charsets (CVE-2026-4046)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 30 2026 Florian Weimer [fweimer@redhat.com] - 2.42-12
- Add downstream patches with fixes for vulnerabilities.
- Fix buffer overflow in scanf %mc (CVE-2026-5450)
- Fix ns_sprintrrf buffer overreads (CVE-2026-6238)
- Fix ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435)
- Fix memory corruption in ungetwc (CVE-2026-5928)
- Auto-sync with upstream branch release/2.42/master,
commit f13c1bb0f97fbc12a6ba1ab5669ce561ea32b80a:
- iconv: Use pending character state in IBM1390, IBM1399 character sets
(CVE-2026-4046)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2453212 - CVE-2026-4046 glibc: glibc: Denial of Service via iconv() function with specific character sets [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453212
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4b7780802c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: insight-18.0.50.20260306-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e0f5e87dd6
2026-05-03 01:18:11.212666+00:00
--------------------------------------------------------------------------------

Name : insight
Product : Fedora 43
Version : 18.0.50.20260306
Release : 3.fc43
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2026-6846.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2026 Patrick Monnerat [patrick@monnerat.net] 18.0.50.20260306-3
- Fix CVE-2026-6846.
https://sourceware.org/bugzilla/show_bug.cgi?id=34049
https://bugzilla.redhat.com/show_bug.cgi?id=2460525
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460525 - CVE-2026-6846 insight: Binutils: Arbitrary code execution via malformed XCOFF object file processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460525
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e0f5e87dd6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: rust-sequoia-git-0.6.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-95ac9001e8
2026-05-03 01:18:11.212687+00:00
--------------------------------------------------------------------------------

Name : rust-sequoia-git
Product : Fedora 43
Version : 0.6.0
Release : 1.fc43
URL : https://crates.io/crates/sequoia-git
Summary : Tool for managing and enforcing a commit signing policy
Description :
A tool for managing and enforcing a commit signing policy.

--------------------------------------------------------------------------------
Update Information:

Update to version 0.6.0. Addresses RUSTSEC-2026-0109.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 23 2026 Fabio Valentini [decathorpe@gmail.com] - 0.6.0-1
- Update to version 0.6.0; Fixes RHBZ#2460155
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-95ac9001e8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: nss-3.122.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c0a4f03150
2026-05-03 01:18:11.212640+00:00
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 43
Version : 3.122.1
Release : 1.fc43
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.1
Update to Firefox 150.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 20 2026 Frantisek Krenzelok [fkrenzel@redhat.com] - 3.122.1-1
- Update NSS to 3.122.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c0a4f03150' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: firefox-150.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c0a4f03150
2026-05-03 01:18:11.212640+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 43
Version : 150.0
Release : 1.fc43
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.1
Update to Firefox 150.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2026 Martin Stransky [stransky@redhat.com] - 150.0-1
- Update to latest upstream (150.0)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c0a4f03150' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: nano-8.7.1-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3111ffa11a
2026-05-03 00:48:41.051402+00:00
--------------------------------------------------------------------------------

Name : nano
Product : Fedora 44
Version : 8.7.1
Release : 2.fc44
URL : https://www.nano-editor.org
Summary : A small text editor
Description :
GNU nano is a small and friendly text editor.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2026-6842 and CVE-2026-6843
Resolves: CVE-2026-6842
Resolves: CVE-2026-6843
Resolves: rhbz#2455127
Resolves: rhbz#2455314
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 30 2026 Lukáš Zaoral [lzaoral@redhat.com] - 8.7.1-2
- fix CVE-2026-6842 and CVE-2026-6843
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2455127 - [Security] Format String Vulnerability in nano's statusline() via errormessage Buffer
https://bugzilla.redhat.com/show_bug.cgi?id=2455127
[ 2 ] Bug #2460502 - CVE-2026-6842 nano: nano: Local attacker can inject malicious .desktop launcher due to insecure directory permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460502
[ 3 ] Bug #2460503 - CVE-2026-6843 nano: nano: Format string vulnerability leads to Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2460503
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3111ffa11a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: chromium-147.0.7727.137-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f5ed344d5c
2026-05-03 00:48:41.051399+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 147.0.7727.137
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

The updates include fixes for:
Critical CVE-2026-7363: Use after free in Canvas
Critical CVE-2026-7361: Use after free in iOS
Critical CVE-2026-7344: Use after free in Accessibility
Critical CVE-2026-7343: Use after free in Views
High CVE-2026-7333: Use after free in GPU
High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
High CVE-2026-7359: Use after free in ANGLE
High CVE-2026-7358: Use after free in Animation
High CVE-2026-7334: Use after free in Views
High CVE-2026-7357: Use after free in GPU
High CVE-2026-7356: Use after free in Navigation
High CVE-2026-7354: Out of bounds read and write in Angle
High CVE-2026-7353: Heap buffer overflow in Skia
High CVE-2026-7352: Use after free in Media
High CVE-2026-7351: Race in MHTML
High CVE-2026-7350: Use after free in WebMIDI
High CVE-2026-7349: Use after free in Cast
High CVE-2026-7348: Use after free in Codecs
High CVE-2026-7335: Use after free in media
High CVE-2026-7336: Use after free in WebRTC
High CVE-2026-7337: Type Confusion in V8
High CVE-2026-7347: Use after free in Chromoting
High CVE-2026-7346: Inappropriate implementation in Tint
High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
High CVE-2026-7338: Use after free in Cast
High CVE-2026-7342: Use after free in WebView
High CVE-2026-7341: Use after free in WebRTC
Medium CVE-2026-7339: Heap buffer overflow in WebRTC
Medium CVE-2026-7340: Integer overflow in ANGLE
Medium CVE-2026-7355: Use after free in Media
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2026 Than Ngo [than@redhat.com] - 147.0.7727.137-1
- Update to 147.0.7727.137
* Critical CVE-2026-7363: Use after free in Canvas
* Critical CVE-2026-7361: Use after free in iOS
* Critical CVE-2026-7344: Use after free in Accessibility
* Critical CVE-2026-7343: Use after free in Views
* High CVE-2026-7333: Use after free in GPU
* High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
* High CVE-2026-7359: Use after free in ANGLE
* High CVE-2026-7358: Use after free in Animation
* High CVE-2026-7334: Use after free in Views
* High CVE-2026-7357: Use after free in GPU
* High CVE-2026-7356: Use after free in Navigation
* High CVE-2026-7354: Out of bounds read and write in Angle
* High CVE-2026-7353: Heap buffer overflow in Skia
* High CVE-2026-7352: Use after free in Media
* High CVE-2026-7351: Race in MHTML
* High CVE-2026-7350: Use after free in WebMIDI
* High CVE-2026-7349: Use after free in Cast
* High CVE-2026-7348: Use after free in Codecs
* High CVE-2026-7335: Use after free in media
* High CVE-2026-7336: Use after free in WebRTC
* High CVE-2026-7337: Type Confusion in V8
* High CVE-2026-7347: Use after free in Chromoting
* High CVE-2026-7346: Inappropriate implementation in Tint
* High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
* High CVE-2026-7338: Use after free in Cast
* High CVE-2026-7342: Use after free in WebView
* High CVE-2026-7341: Use after free in WebRTC
* Medium CVE-2026-7339: Heap buffer overflow in WebRTC
* Medium CVE-2026-7340: Integer overflow in ANGLE
* Medium CVE-2026-7355: Use after free in Media
* Sun Apr 26 2026 Than Ngo [than@redhat.com] - 147.0.7727.116-2
- Fix FTBFS with rust 1.95
- Backport the upstream fix GL native pixmap import support reset in GpuInit
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2463710 - CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-2026-7347 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463710
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f5ed344d5c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

