Fedora alert FEDORA-2026-0bced5158d (cef)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: cef-145.0.25^chromium145.0.7632.75-4.fc43 | |
| Date: | Mon, 02 Mar 2026 00:42:42 +0000 | |
| Message-ID: | <20260302004242.9C358793AC@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0bced5158d 2026-03-02 00:40:42.980478+00:00 -------------------------------------------------------------------------------- Name : cef Product : Fedora 43 Version : 145.0.25^chromium145.0.7632.75 Release : 4.fc43 URL : https://bitbucket.org/chromiumembedded/cef Summary : Chromium Embedded Framework Description : CEF is an embeddable build of Chromium, powered by WebKit (Blink). -------------------------------------------------------------------------------- Update Information: Update to cef-145.0.25 + chromium 145.0.7632.75 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 CVE-2026-2313: Use after free in CSS CVE-2026-2314: Heap buffer overflow in Codecs CVE-2026-2315: Inappropriate implementation in WebGPU CVE-2026-2316: Insufficient policy enforcement in Frames CVE-2026-2317: Inappropriate implementation in Animation CVE-2026-2318: Inappropriate implementation in PictureInPicture CVE-2026-2319: Race in DevTools CVE-2026-2320: Inappropriate implementation in File input CVE-2026-2321: Use after free in Ozone CVE-2026-2322: Inappropriate implementation in File input CVE-2026-2323: Inappropriate implementation in Downloads CVE-2026-2441: Use after free in CSS -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 20 2026 Than Ngo <than@redhat.com> - 145.0.25^chromium145.0.7632.75-1 - Update to 145.0.7632.75 - * CVE-2026-2441: Use after free in CSS - Fix FTFS on aarch64/ppc64le caused by missing include file (el9) - Enable rustc_nightly_capability * Fri Feb 20 2026 Than Ngo <than@redhat.com> - 145.0.25^chromium145.0.7632.45-1 - Update to 145.0.7632.45 - * CVE-2026-2313: Use after free in CSS - * CVE-2026-2314: Heap buffer overflow in Codecs - * CVE-2026-2315: Inappropriate implementation in WebGPU - * CVE-2026-2316: Insufficient policy enforcement in Frames - * CVE-2026-2317: Inappropriate implementation in Animation - * CVE-2026-2318: Inappropriate implementation in PictureInPicture - * CVE-2026-2319: Race in DevTools - * CVE-2026-2320: Inappropriate implementation in File input - * CVE-2026-2321: Use after free in Ozone - * CVE-2026-2322: Inappropriate implementation in File input - * CVE-2026-2323: Inappropriate implementation in Downloads - Hoshino Lina: Update to cef-145.0.25+g265860d * Fri Feb 20 2026 Than Ngo <than@redhat.com> - 144.0.11^chromium144.0.7559.132-1 - Update to 144.0.7559.132 - * CVE-2026-1861: Heap buffer overflow in libvpx - * CVE-2026-1862: Type Confusion in V8 - Add BR on esbuild - Disable devtool bundle - Update scripts for downloading the source -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0bced5158d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new