Explore top 10 tips to secure your open-source projects now. Read More
×
chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-88eee44bfb 2026-07-05 00:49:16.510819+00:00 -------------------------------------------------------------------------------- Name : chromium Product : Fedora 43 Version : 150.0.7871.46 Release : 1.fc43 URL : http://www.chromium.org/Home Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use Description : Chromium is an open-source web browser, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Than Ngo - 150.0.7871.46-1 - Update to 150.0.7871.46 * CVE-2026-13774: Use after free in Extensions * CVE-2026-13775: Use after free in GPU * CVE-2026-13776: Type Confusion in Dawn * CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb * CVE-2026-13778: Use after free in WebUSB * CVE-2026-13779: Use after free in Chromoting * CVE-2026-13780: Insufficient validation of untrusted input in ANGLE * CVE-2026-13781: Insufficient validation of untrusted input in Skia * CVE-2026-13782: Use after free in Browser * CVE-2026-13783: Use after free in Views * CVE-2026-13784: Use after free in Views * CVE-2026-13785: Use after free in Bluetooth * CVE-2026-13786: Use after free in Ozone * CVE-2026-13787: Use after free in Chromoting * CVE-2026-13788: Use after free in Fullscreen * CVE-2026-13789: Use after free in GPU * CVE-2026-13790: Side-channel information leakage in Scroll * CVE-2026-13791: Insufficient validation of untrusted input in Downloads * CVE-2026-13792: Useafter free in Touchbar * CVE-2026-13793: Insufficient policy enforcement in SVG * CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS * CVE-2026-13796: Integer overflow in Chromecast * CVE-2026-13797: Insufficient validation of untrusted input in Chromecast * CVE-2026-13798: Heap buffer overflow in Chromecast * CVE-2026-13799: Use after free in QUIC * CVE-2026-13800: Inappropriate implementation in Updater * CVE-2026-13801: Integer overflow in Chromecast * CVE-2026-13802: Use after free in Views * CVE-2026-13803: Type Confusion in Chrome Tabs * CVE-2026-13804: Use after free in Chromecast * CVE-2026-13805: Use after free in GFX * CVE-2026-13806: Insufficient validation of untrusted input in Accessibility * CVE-2026-13807: Use after free in Import * CVE-2026-13808: Insufficient data validation in Chrome for iOS * CVE-2026-13809: Side-channel information leakage in Safe Browsing * CVE-2026-13810: Inappropriate implementation in Input * CVE-2026-13811: Use after free in IME * CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13814: Use after free in Views * CVE-2026-13815: Use after free in Blink * CVE-2026-13816: Insufficient validation of untrusted input in File Input * CVE-2026-13817: Insufficient validation of untrusted input in Glic * CVE-2026-13818: Inappropriate implementation in Passwords * CVE-2026-13819: Out of bounds read in ANGLE * CVE-2026-13820: Out of bounds read in Skia * CVE-2026-13821: Use after free in Canvas * CVE-2026-13822: Inappropriate implementation in Extensions * CVE-2026-13823: Use after free in Glic * CVE-2026-13824: Insufficient validation of untrusted input in Extensions * CVE-2026-13825: Uninitialized Use in Dawn * CVE-2026-13826: Inappropriate implementation in Autofill *CVE-2026-13827: Use after free in Updater * CVE-2026-13828: Inappropriate implementation in Enterprise * CVE-2026-13829: Insufficient validation of untrusted input in Settings * CVE-2026-13830: Use after free in Chromoting * CVE-2026-13831: Use after free in GPU * CVE-2026-13832: Use after free in Headless * CVE-2026-13833: Uninitialized Use in ANGLE * CVE-2026-13834: Insufficient validation of untrusted input in ANGLE * CVE-2026-13835: Inappropriate implementation in XML * CVE-2026-13836: Inappropriate implementation in CSS * CVE-2026-13837: Inappropriate implementation in CSS * CVE-2026-13838: Inappropriate implementation in CSS * CVE-2026-13839: Inappropriate implementation in CSS * CVE-2026-13840: Insufficient policy enforcement in Canvas * CVE-2026-13841: Integer overflow in Skia * CVE-2026-13842: Incorrect security UI in Chrome for iOS * CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13844: Use after free in Updater * CVE-2026-13845: Use after free in DOM * CVE-2026-13846: Use after free in USB * CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13848: Use after free in Forms * CVE-2026-13849: Insufficient validation of untrusted input in Chromoting * CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13853: Use after free in Journeys * CVE-2026-13854: Use after free in Ozone * CVE-2026-13855: Use after free in Ozone * CVE-2026-13856: Insufficient validation of untrusted input in Speech * CVE-2026-13857: Inappropriate implementation in Geometry * CVE-2026-13858: Out of bounds read in FFmpeg * CVE-2026-13859: Inappropriate implementation in ANGLE * CVE-2026-13860: Incorrect security UI in Autofill * CVE-2026-13861: Use after free inCore * CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) * CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs * CVE-2026-13864: Insufficient policy enforcement in WebHID * CVE-2026-13865: Insufficient validation of untrusted input in Enterprise * CVE-2026-13866: Insufficient validation of untrusted input in Input * CVE-2026-13867: Inappropriate implementation in Geolocation * CVE-2026-13868: Inappropriate implementation in Network * CVE-2026-13869: Use after free in Device * CVE-2026-13870: Use after free in WebView * CVE-2026-13871: Insufficient data validation in GuestView * CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-13873: Out of bounds memory access in Layout * CVE-2026-13874: Inappropriate implementation in DataTransfer * CVE-2026-13875: Insufficient validation of untrusted input in GPU * CVE-2026-13876: Inappropriate implementation in Network * CVE-2026-13877: Insufficient validation of untrusted input in ANGLE * CVE-2026-13878: Use after free in Bluetooth * CVE-2026-13879: Use after free in Bluetooth * CVE-2026-13880: Use after free in USB * CVE-2026-13881: Insufficient data validation in WebAppInstalls * CVE-2026-13882: Inappropriate implementation in USB * CVE-2026-13883: Type Confusion in ANGLE * CVE-2026-13884: Heap buffer overflow in Chromecast * CVE-2026-13885: Use after free in Skia * CVE-2026-13886: Policy bypass in Isolated Web Apps * CVE-2026-13887: Insufficient policy enforcement in NFC * CVE-2026-13888: Use after free in Extensions * CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication * CVE-2026-13890: Out of bounds read in Chromecast * CVE-2026-13891: Insufficient validation of untrusted input in Extensions * CVE-2026-13892: Inappropriate implementation in Chrome for iOS * CVE-2026-13893: Insufficient validation of untrusted input in WebUI *CVE-2026-13894: Insufficient policy enforcement in Network * CVE-2026-13895: Inappropriate implementation in Autofill * CVE-2026-13896: Insufficient policy enforcement in Glic * CVE-2026-13897: Insufficient policy enforcement in Chromecast * CVE-2026-13898: Use after free in Cast Receiver * CVE-2026-13899: Use after free in HTML * CVE-2026-13900: Insufficient validation of untrusted input in Chromecast * CVE-2026-13901: Insufficient validation of untrusted input in Serial * CVE-2026-13902: Inappropriate implementation in Chrome for iOS * CVE-2026-13903: Insufficient policy enforcement in Bluetooth * CVE-2026-13904: Incorrect security UI in Safe Browsing * CVE-2026-13905: Incorrect security UI in Chrome for iOS * CVE-2026-13906: Out of bounds read in Codecs * CVE-2026-13907: Inappropriate implementation in iOSWeb * CVE-2026-13908: Insufficient validation of untrusted input in Omnibox * CVE-2026-13909: Insufficient policy enforcement in DevTools * CVE-2026-13910: Insufficient policy enforcement in WebXR * CVE-2026-13911: Insufficient data validation in Spellcheck * CVE-2026-13912: Incorrect security UI in Safe Browsing * CVE-2026-13913: Insufficient policy enforcement in Autofill * CVE-2026-13914: Inappropriate implementation in Passwords * CVE-2026-13915: Use after free in Chrome for iOS * CVE-2026-13916: Inappropriate implementation in Chrome for iOS * CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-13918: Use after free in Chrome for iOS * CVE-2026-13919: Insufficient data validation in Extensions * CVE-2026-13920: Insufficient validation of untrusted input in Media * CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials * CVE-2026-13922: Side-channel information leakage in Paint * CVE-2026-13923: Uninitialized Use in GPU * CVE-2026-13924: Insufficient validation of untrusted input in WebView * CVE-2026-13925: Inappropriate implementation inDownloads * CVE-2026-13926: Insufficient validation of untrusted input in Network * CVE-2026-13927: Insufficient validation of untrusted input in UI * CVE-2026-13928: Insufficient validation of untrusted input in Enterprise * CVE-2026-13929: Insufficient validation of untrusted input in DevTools * CVE-2026-13930: Insufficient policy enforcement in Actor * CVE-2026-13931: Inappropriate implementation in Media * CVE-2026-13932: Inappropriate implementation in Sharing * CVE-2026-13933: Insufficient policy enforcement in Passwords * CVE-2026-13934: Insufficient validation of untrusted input in Dawn * CVE-2026-13935: Side-channel information leakage in ComputePressure * CVE-2026-13936: Inappropriate implementation in Passwords * CVE-2026-13937: Insufficient policy enforcement in Passwords * CVE-2026-13938: Integer overflow in Fonts * CVE-2026-13939: Insufficient validation of untrusted input in WebShare * CVE-2026-13940: Uninitialized Use in Cast * CVE-2026-13941: Inappropriate implementation in SiteSettings * CVE-2026-13942: Insufficient validation of untrusted input in Video Capture * CVE-2026-13943: Uninitialized Use in CSS * CVE-2026-13944: Inappropriate implementation in DataTransfer * CVE-2026-13945: Insufficient policy enforcement in Extensions * CVE-2026-13946: Inappropriate implementation in ScriptInjections * CVE-2026-13947: Uninitialized Use in XR * CVE-2026-13948: Insufficient policy enforcement in Extensions * CVE-2026-13949: Insufficient policy enforcement in Payments * CVE-2026-13950: Uninitialized Use in GPU * CVE-2026-13951: Policy bypass in USB * CVE-2026-13952: Inappropriate implementation in PerformanceAPIs * CVE-2026-13953: Inappropriate implementation in SplitView * CVE-2026-13954: Insufficient policy enforcement in XML * CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs * CVE-2026-13956: Incorrect security UI in PageInfo * CVE-2026-13957: Incorrect security UI in Extensions * CVE-2026-13958: Uninitialized Use in Codecs * CVE-2026-13959: Insufficient validation of untrusted input in Blink * CVE-2026-13960: Inappropriate implementation in Passwords * CVE-2026-13961: Insufficient validation of untrusted input in DevTools * CVE-2026-13962: Insufficient data validation in PDF * CVE-2026-13963: Inappropriate implementation in DevTools * CVE-2026-13964: Insufficient policy enforcement in WebView * CVE-2026-13965: Use after free in Oilpan * CVE-2026-13966: Inappropriate implementation in History * CVE-2026-13967: Type Confusion in V8 * CVE-2026-13968: Insufficient validation of untrusted input in DevTools * CVE-2026-13969: Uninitialized Use in UI * CVE-2026-13970: Uninitialized Use in Media * CVE-2026-13971: Uninitialized Use in Skia * CVE-2026-13972: Inappropriate implementation in Paint * CVE-2026-13973: Inappropriate implementation in UI * CVE-2026-13974: Integer overflow in Safe Browsing * CVE-2026-13975: Out of bounds read in ANGLE * CVE-2026-13976: Heap buffer overflow in Storage * CVE-2026-13977: Inappropriate implementation in HTMLParser * CVE-2026-13978: Insufficient policy enforcement in PageInfo * CVE-2026-13979: Inappropriate implementation in Paint * CVE-2026-13980: Incorrect security UI in Chrome for iOS * CVE-2026-13981: Inappropriate implementation in Chrome for iOS * CVE-2026-13982: Incorrect security UI in Passwords * CVE-2026-13983: Incorrect security UI in Chrome for iOS * CVE-2026-13984: Incorrect security UI in TabStrip * CVE-2026-13985: Inappropriate implementation in MediaCapture * CVE-2026-13986: Inappropriate implementation in Media UI * CVE-2026-13987: Incorrect security UI in Mobile * CVE-2026-13988: Inappropriate implementation in Paint * CVE-2026-13989: Insufficient policy enforcement in PageInfo * CVE-2026-13990: Insufficient validation of untrusted input in DataTransfer * CVE-2026-13991: Insufficient validation of untrusted input in Chrome for iOS *CVE-2026-13992: Inappropriate implementation in UI * CVE-2026-13993: Incorrect security UI in WebAppInstalls * CVE-2026-13994: Inappropriate implementation in Credential Management * CVE-2026-13995: Insufficient validation of untrusted input in Autofill * CVE-2026-13996: Incorrect security UI in Permissions * CVE-2026-13997: Incorrect security UI in Extensions * CVE-2026-13998: Incorrect security UI in File Input * CVE-2026-13999: Inappropriate implementation in Extensions * CVE-2026-14000: Inappropriate implementation in XML * CVE-2026-14001: Inappropriate implementation in Network * CVE-2026-14002: Inappropriate implementation in Geolocation * CVE-2026-14003: Insufficient policy enforcement in Extensions * CVE-2026-14004: Inappropriate implementation in CSS * CVE-2026-14005: Use after free in Omnibox * CVE-2026-14006: Use after free in Navigation * CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy * CVE-2026-14008: Uninitialized Use in WebXR * CVE-2026-14009: Insufficient data validation in Passwords * CVE-2026-14010: Uninitialized Use in Codecs * CVE-2026-14011: Out of bounds read in SurfaceCapture * CVE-2026-14012: Side-channel information leakage in CSS * CVE-2026-14013: Inappropriate implementation in SVG * CVE-2026-14014: Inappropriate implementation in Paint * CVE-2026-14015: Inappropriate implementation in WebRTC * CVE-2026-14016: Insufficient policy enforcement in SVG * CVE-2026-14017: Inappropriate implementation in Navigation * CVE-2026-14018: Use after free in Updater * CVE-2026-14019: Inappropriate implementation in Passwords * CVE-2026-14020: Insufficient validation of untrusted input in WebXR * CVE-2026-14021: Insufficient validation of untrusted input in StorageAccessAPI * CVE-2026-14022: Insufficient validation of untrusted input in Network * CVE-2026-14023: Insufficient validation of untrusted input in SanitizerAPI * CVE-2026-14024: Use after free in Ozone * CVE-2026-14025: Useafter free in Views * CVE-2026-14026: Incorrect security UI in SplitView * CVE-2026-14027: Use after free in SignIn * CVE-2026-14028: Incorrect security UI in Chrome for iOS * CVE-2026-14030: Incorrect security UI in SplitView * CVE-2026-14031: Incorrect security UI in File Input * CVE-2026-14032: Use after free in Bluetooth * CVE-2026-14033: Insufficient policy enforcement in Media * CVE-2026-14034: Inappropriate implementation in WebXR * CVE-2026-14035: Insufficient policy enforcement in Bluetooth * CVE-2026-14036: Insufficient policy enforcement in Bluetooth * CVE-2026-14037: Insufficient policy enforcement in GPU * CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page * CVE-2026-14039: Insufficient policy enforcement in GetUserMedia * CVE-2026-14040: Use after free in BrowserTag * CVE-2026-14041: Insufficient policy enforcement in Serial * CVE-2026-14042: Inappropriate implementation in Isolated Web Apps * CVE-2026-14043: Use after free in GetUserMedia * CVE-2026-14044: Use after free in ANGLE * CVE-2026-14045: Insufficient validation of untrusted input in Network * CVE-2026-14046: Inappropriate implementation in CustomTabs * CVE-2026-14047: Insufficient policy enforcement in Extensions * CVE-2026-14048: Use after free in Chromecast * CVE-2026-14049: Inappropriate implementation in GPU * CVE-2026-14050: Insufficient policy enforcement in Passwords * CVE-2026-14051: Uninitialized Use in GamepadAPI * CVE-2026-14052: Insufficient policy enforcement in FileSystem * CVE-2026-14053: Insufficient policy enforcement in Extensions * CVE-2026-14054: Insufficient policy enforcement in Network * CVE-2026-14055: Insufficient validation of untrusted input in Device Trust * CVE-2026-14056: Insufficient validation of untrusted input in Media * CVE-2026-14057: Insufficient policy enforcement in FedCM * CVE-2026-14058: Policy bypass in Parser * CVE-2026-14059: Insufficient policy enforcement inRelated-Website-Sets * CVE-2026-14060: Insufficient validation of untrusted input in Chromoting * CVE-2026-14061: Inappropriate implementation in Dawn * CVE-2026-14062: Inappropriate implementation in Views * CVE-2026-14063: Out of bounds memory access in Chromecast * CVE-2026-14064: Use after free in PageInfo * CVE-2026-14065: Insufficient validation of untrusted input in PageInfo * CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-14067: Use after free in Chrome for iOS * CVE-2026-14068: Inappropriate implementation in Omnibox * CVE-2026-14069: Integer overflow in WebNN * CVE-2026-14070: Uninitialized Use in WebNN * CVE-2026-14071: Side-channel information leakage in WebAudio * CVE-2026-14072: Incorrect security UI in SplitView * CVE-2026-14073: Insufficient policy enforcement in WebXR * CVE-2026-14074: Side-channel information leakage in WebAuthentication * CVE-2026-14075: Policy bypass in Chrome for iOS * CVE-2026-14076: Policy bypass in Network * CVE-2026-14077: Incorrect security UI in Select * CVE-2026-14078: Policy bypass in WebRTC * CVE-2026-14079: Policy bypass in Network * CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher * CVE-2026-14081: Insufficient policy enforcement in DevTools * CVE-2026-14082: Race in Storage * CVE-2026-14083: Insufficient validation of untrusted input in HTML * CVE-2026-14084: Insufficient validation of untrusted input in Chromoting * CVE-2026-14085: Side-channel information leakage in CSS * CVE-2026-14086: Insufficient policy enforcement in HID * CVE-2026-14087: Insufficient validation of untrusted input in WebNN * CVE-2026-14088: Uninitialized Use in Canvas * CVE-2026-14089: Insufficient validation of untrusted input in PopupBlocker * CVE-2026-14090: Out of bounds read in CameraCapture * CVE-2026-14091: Use after free in DevTools * CVE-2026-14092: Insufficient policy enforcement in Privacy * CVE-2026-14093: Useafter free in Cast * CVE-2026-14094: Use after free in Installer * CVE-2026-14095: Insufficient validation of untrusted input in Browser * CVE-2026-14096: Object lifecycle issue in Input * CVE-2026-14097: Inappropriate implementation in WebAppInstalls * CVE-2026-14098: Inappropriate implementation in CSS * CVE-2026-14099: Use after free in Chrome for iOS * CVE-2026-14100: Insufficient data validation in NetworkCache * CVE-2026-14101: Insufficient policy enforcement in Sandbox * CVE-2026-14102: Use after free in Passwords * CVE-2026-14103: Use after free in SSL * CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-14105: Insufficient policy enforcement in Speech * CVE-2026-14106: Insufficient validation of untrusted input in Text * CVE-2026-14107: Use after free in Scheduling * CVE-2026-14108: Use after free in PDFium * CVE-2026-14109: Insufficient policy enforcement in Mojo * CVE-2026-14110: Inappropriate implementation in DarkMode * CVE-2026-14111: Use after free in WebProtect * CVE-2026-14112: Inappropriate implementation in Enterprise * CVE-2026-14113: Use after free in Updater * CVE-2026-14114: Inappropriate implementation in WebAppInstalls * CVE-2026-14115: Insufficient validation of untrusted input in Cast * CVE-2026-14116: Insufficient validation of untrusted input in DevTools * CVE-2026-14117: Insufficient validation of untrusted input in DevTools * CVE-2026-14118: Insufficient data validation in DevTools * CVE-2026-14119: Type Confusion in Bluetooth * CVE-2026-14120: Inappropriate implementation in DevTools * CVE-2026-14121: Use after free in Chromoting * CVE-2026-14122: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-14123: Incorrect security UI in Chrome for iOS * CVE-2026-14124: Inappropriate implementation in CredentialProvider * CVE-2026-14125: Uninitialized Use in ANGLE * CVE-2026-14126: Incorrect security UI in UI * CVE-2026-14127:Inappropriate implementation in Printing * CVE-2026-14128: Insufficient data validation in Chrome for iOS * CVE-2026-14129: Incorrect security UI in PreviewTab * CVE-2026-14130: Incorrect security UI in Omnibox * CVE-2026-14131: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-14132: Inappropriate implementation in WebXR * CVE-2026-14133: Race in History Embeddings * CVE-2026-14134: Inappropriate implementation in Autofill * CVE-2026-14135: Insufficient validation of untrusted input in Network * CVE-2026-14136: Incorrect security UI in Chrome for iOS * CVE-2026-14137: Insufficient validation of untrusted input in Chrome for iOS * CVE-2026-14138: Inappropriate implementation in WebAppInstalls * CVE-2026-14139: Inappropriate implementation in TabStrip * CVE-2026-14140: Insufficient validation of untrusted input in Input * CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture * CVE-2026-14142: Inappropriate implementation in Extensions * CVE-2026-14143: Incorrect security UI in Passwords * CVE-2026-14144: Incorrect security UI in Views * CVE-2026-14145: Inappropriate implementation in CSS * CVE-2026-14146: Inappropriate implementation in CSS * CVE-2026-14147: Inappropriate implementation in CSS * CVE-2026-14148: Type Confusion in CSS * CVE-2026-14149: Use after free in Audio * CVE-2026-14150: Insufficient validation of untrusted input in Speech * CVE-2026-14151: Inappropriate implementation in AI * CVE-2026-14152: Out of bounds write in ANGLE * CVE-2026-14153: Inappropriate implementation in Glic * CVE-2026-14154: Inappropriate implementation in DevTools * CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI * CVE-2026-14156: Policy bypass in StorageAccessAPI - Remove Darkmode patches, which are already included in v150 - Refresh patches for v150 - Fix FTBFS with system ffmpeg - Backport upstream patches to fixFTBFS -------------------------------------------------------------------------------- References: [ 1 ] Bug #2495844 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495844 [ 2 ] Bug #2495845 - CVE-2026-14101 chromium: chromium-browser: Insufficient policy enforcement in Sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2495845 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-88eee44bfb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # Security update for python-urllib3 Announcement ID: SUSE-SU-2026:2065-1 Release Date: 2026-05-26T07:11:07Z Rating: important References: * bsc#1265267 Cross-References: * CVE-2026-44431 CVSS scores: * CVE-2026-44431 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44431 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44431 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44431 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3 fixes the following issue * CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects(bsc#1265267). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-2065=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2065=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2065=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-urllib3-1.25.10-3.51.1 * python-urllib3-1.25.10-3.51.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * python3-urllib3-1.25.10-3.51.1 * python-urllib3-1.25.10-3.51.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python3-urllib3-1.25.10-3.51.1 * python-urllib3-1.25.10-3.51.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44431.html * https://bugzilla.suse.com/show_bug.cgi?id=1265267 . An important security update for python-urllib3 is available, addressing a sensitive information disclosure issue.. python-urllib3 security update, SUSE Linux patch, sensitive information CVE. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21334-1 Release Date: 2026-04-22T17:07:51Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-356=1 ## Package List: * SUSE Linux Micro 6.0 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_6-debugsource-17-3.1 * kernel-livepatch-6_4_0-28-default-17-3.1 * kernel-livepatch-6_4_0-28-default-debuginfo-17-3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 . SUSELinux Micro 6.0 kernel update resolves important security issues, enhancing system integrity and user privileges.. SUSE Linux Kernel Update, Security Fix, Privilege Management, Important Update. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21343-1 Release Date: 2026-04-22T17:23:57Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-363=1 ## Package List: * SUSE Linux Micro 6.0 (s390x x86_64) * kernel-livepatch-6_4_0-29-default-16-1.2 * kernel-livepatch-6_4_0-29-default-debuginfo-16-1.2 * kernel-livepatch-MICRO-6-0_Update_7-debugsource-16-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 .Install vital security updates for important SUSE Linux Micro Kernel vulnerabilities and improve system safety.. SUSE Linux Micro, kernel update, important patch, security vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive element amplification. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-448e26a9c8 2026-04-25 01:21:36.173244+00:00 -------------------------------------------------------------------------------- Name : python-cairosvg Product : Fedora 44 Version : 2.9.0 Release : 1.fc44 URL : https://cairosvg.org/ Summary : A Simple SVG Converter for Cairo Description : CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive element amplification -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2026 Michel Lind - 2.9.0-1 - Update to 2.9.0 upstream release - Resolves: rhbz#2229363 - Resolves: CVE-2026-31899 - Enable Packit - Drop unneeded test shenanigans - Enforce that license is preinstalled, stop installing by hand -------------------------------------------------------------------------------- References: [ 1 ] Bug #2447854 - CVE-2026-31899 python-cairosvg: CairoSVG: Denial of Service via recursive element amplification [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447854 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-448e26a9c8' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for osslsigncode ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0116-1 Rating: critical References: #1260680 Cross-References: CVE-2025-70888 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for osslsigncode fixes the following issues: - Update to 2.13 (boo#1260680, CVE-2025-70888): * fixed integer overflows when processing APPX compressed data streams * fixed double-free vulnerabilities in APPX file processing * fixed multiple memory corruption issues in PE page hash computation - Changes from 2.12: * fixed a buffer overflow while extracting message digests - Changes from 2.11: * added keyUsage validation for signer certificate * added printing CRL details during signature verification * implemented a workaround for CRL servers returning the HTTP Content-Type header other than application/pkix-crl * fixed HTTP keep-alive handling * fixed macOS compiler and linker flags * fixed undefined BIO_get_fp() behavior with BIO_FLAGS_UPLINK_INTERNAL - update to 2.10: * added JavaScript signing * added PKCS#11 provider support (requires OpenSSL 3.0+) * added support for providers without specifying "-pkcs11module" option * (OpenSSL 3.0+, e.g., for the upcoming CNG provider) * added compatibility with the CNG engine version 1.1 or later * added the "-engineCtrl" option to control hardware and CNG engines * added the '-blobFile' option to specify a file containing the blob content * improved unauthenticated blob support (thanks to Asger Hautop Drewsen) * improved UTF-8 handling for certificate subjects and issuers *fixed support for multiple signerInfo contentType OIDs (CTL and Authenticode) * fixed tests for python-cryptography > = 43.0.0 - update to version 2.9: * added a 64 bit long pseudo-random NONCE in the TSA request * missing NID_pkcs9_signingTime is no longer an error * added support for PEM-encoded CRLs * fixed the APPX central directory sorting order * added a special "-" file name to read the passphrase from stdin * used native HTTP client with OpenSSL 3.x, removing libcurl dependency * added '-login' option to force a login to PKCS11 engines * added the "-ignore-crl" option to disable fetching and verifying CRL Distribution Points * changed error output to stderr instead of stdout * various testing framework improvements * various memory corruption fixes - update to version 2.8: * Microsoft PowerShell signing sponsored by Cisco Systems, Inc. * fixed setting unauthenticated attributes (Countersignature, Unauthenticated * Data Blob) in a nested signature * added the "-index" option to verify a specific signature or modify its unauthenticated attributes * added CAT file verification * added listing the contents of a CAT file with the "-verbose" option * added the new "extract-data" command to extract a PKCS#7 data content to be signed with "sign" and attached with "attach-signature" * added PKCS9_SEQUENCE_NUMBER authenticated attribute support * added the "-ignore-cdp" option to disable CRL Distribution Points (CDP) online verification * unsuccessful CRL retrieval and verification changed into a critical error the "-p" option modified to also use to configured proxy to connect CRL Distribution Points * added implicit allowlisting of the Microsoft Root Authority serial number 00C1008B3C3C8811D13EF663ECDF40 * added listing of certificate chain retrieved from the signature in case of verification failure -update to 2.7.0 * fixed signing CAB files (by Michael Brown) * fixed handling of unsupported commands (by Maxim Bagryantsev) * fixed writing DIFAT sectors * added APPX support (by Maciej Panek and Ma\u0142gorzata Olszwka) * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) * added verification of CRLs specified in the signing certificate * added MSI DIFAT sectors support (by Max Bagryantsev) * added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands * set the default hash function to "sha256" * added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command * renamed the "-st" option "-time" * updated the "-time" option to also set explicit verification time * added the "-ignore-timestamp" option * removed the "-timestamp-expiration" option * numerous bugfixes * documentation updates Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-116=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): osslsigncode-2.13-bp157.2.3.1 References: https://www.suse.com/security/cve/CVE-2025-70888.html https://bugzilla.suse.com/1260680 . A critical security update for osslsigncode addresses integer overflow and memory corruption issues in openSUSE.. osslsigncode security update, openSUSE critical patch, memory corruption fix. . Severity: Critical. LinuxSecurity.com Team
An update that solves 2 vulnerabilities can now be installed.. # python311-PyPDF2-2.11.1-5.1 on GA media Announcement ID: openSUSE-SU-2026:10284-1 Rating: moderate Cross-References: * CVE-2026-27628 * CVE-2026-27888 CVSS scores: * CVE-2026-27888 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27888 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the python311-PyPDF2-2.11.1-5.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python311-PyPDF2 2.11.1-5.1 * python313-PyPDF2 2.11.1-5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27628.html * https://www.suse.com/security/cve/CVE-2026-27888.html . Critical update for openSUSE addressing two security issues in python311-PyPDF2, improving system protection.. openSUSE security, python PyPDF2, moderate vulnerabilities. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for evolution-data-server Announcement ID: SUSE-SU-2026:0775-1 Release Date: 2026-03-03T13:19:22Z Rating: moderate References: * bsc#1258307 Cross-References: * CVE-2026-2604 CVSS scores: * CVE-2026-2604 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-2604 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for evolution-data-server fixes the following issue: * CVE-2026-2604: arbitrary file deletion via inconsistent URI handling (bsc#1258307). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-775=1 SUSE-2026-775=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-775=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-775=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1 * typelib-1_0-EDataServerUI4-1_0-3.50.3-150600.3.9.1 * libedataserverui4-1_0-0-3.50.3-150600.3.9.1 * libedataserverui-1_2-4-3.50.3-150600.3.9.1 * typelib-1_0-EDataBook-1_2-3.50.3-150600.3.9.1 * typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1 * typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1 *libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-debuginfo-3.50.3-150600.3.9.1 * libedata-book-1_2-27-3.50.3-150600.3.9.1 * libcamel-1_2-64-3.50.3-150600.3.9.1 * libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-devel-3.50.3-150600.3.9.1 * libebook-contacts-1_2-4-3.50.3-150600.3.9.1 * typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1 * libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1 * libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1 * libebackend-1_2-11-3.50.3-150600.3.9.1 * typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1 * libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1 * libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-3.50.3-150600.3.9.1 * libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1 * libedataserverui4-1_0-0-debuginfo-3.50.3-150600.3.9.1 * libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1 * libedata-cal-2_0-2-3.50.3-150600.3.9.1 * typelib-1_0-EBackend-1_2-3.50.3-150600.3.9.1 * libecal-2_0-2-3.50.3-150600.3.9.1 * libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-debugsource-3.50.3-150600.3.9.1 * libedataserver-1_2-27-3.50.3-150600.3.9.1 * typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1 * typelib-1_0-EDataCal-2_0-3.50.3-150600.3.9.1 * libebook-1_2-21-3.50.3-150600.3.9.1 * openSUSE Leap 15.6 (noarch) * evolution-data-server-lang-3.50.3-150600.3.9.1 * SUSE Package Hub 15 15-SP7 (aarch64 s390x) * evolution-data-server-3.50.3-150600.3.9.1 * evolution-data-server-devel-3.50.3-150600.3.9.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1 * libedataserverui-1_2-4-3.50.3-150600.3.9.1 * typelib-1_0-EDataBook-1_2-3.50.3-150600.3.9.1 * typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1 * typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1 * libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-debuginfo-3.50.3-150600.3.9.1 *libedata-book-1_2-27-3.50.3-150600.3.9.1 * libcamel-1_2-64-3.50.3-150600.3.9.1 * libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1 * libebook-contacts-1_2-4-3.50.3-150600.3.9.1 * typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1 * libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1 * libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1 * libebackend-1_2-11-3.50.3-150600.3.9.1 * typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1 * libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1 * libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1 * libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1 * libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1 * libedata-cal-2_0-2-3.50.3-150600.3.9.1 * typelib-1_0-EBackend-1_2-3.50.3-150600.3.9.1 * libecal-2_0-2-3.50.3-150600.3.9.1 * libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-debugsource-3.50.3-150600.3.9.1 * libedataserver-1_2-27-3.50.3-150600.3.9.1 * typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1 * typelib-1_0-EDataCal-2_0-3.50.3-150600.3.9.1 * libebook-1_2-21-3.50.3-150600.3.9.1 * SUSE Package Hub 15 15-SP7 (noarch) * evolution-data-server-lang-3.50.3-150600.3.9.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1 * typelib-1_0-EDataServerUI4-1_0-3.50.3-150600.3.9.1 * libedataserverui4-1_0-0-3.50.3-150600.3.9.1 * libedataserverui-1_2-4-3.50.3-150600.3.9.1 * typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1 * typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1 * libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-debuginfo-3.50.3-150600.3.9.1 * libedata-book-1_2-27-3.50.3-150600.3.9.1 * libcamel-1_2-64-3.50.3-150600.3.9.1 * libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-devel-3.50.3-150600.3.9.1 * libebook-contacts-1_2-4-3.50.3-150600.3.9.1 * typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1 * libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1 *libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1 * libebackend-1_2-11-3.50.3-150600.3.9.1 * typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1 * libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1 * libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-3.50.3-150600.3.9.1 * libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1 * libedataserverui4-1_0-0-debuginfo-3.50.3-150600.3.9.1 * libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1 * libedata-cal-2_0-2-3.50.3-150600.3.9.1 * libecal-2_0-2-3.50.3-150600.3.9.1 * libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1 * evolution-data-server-debugsource-3.50.3-150600.3.9.1 * libedataserver-1_2-27-3.50.3-150600.3.9.1 * typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1 * libebook-1_2-21-3.50.3-150600.3.9.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * evolution-data-server-lang-3.50.3-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2604.html * https://bugzilla.suse.com/show_bug.cgi?id=1258307 . Update for evolution-data-server addresses a moderate issue enabling file deletion vulnerabilities on SUSE systems.. evolution-data-server update, SUSE protection, file deletion risk. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.