
Fedora administrators should immediately apply a comprehensive batch of security patches released for both Fedora 43 and Fedora 44 distributions. These updates address numerous high-severity vulnerabilities across widely used software including Chromium, Firefox, Nextcloud, Xen hypervisor, and various networking libraries. Developers have resolved critical flaws ranging from authentication bypasses and path traversal exploits to memory corruption issues and command injection risks that could compromise system integrity. Users can install the corrected packages by running the standard DNF upgrade command with the advisory identifier given in each notification.

Fedora 44 Update: nss-3.124.0-1.fc44
Fedora 44 Update: firefox-152.0-1.fc44
Fedora 44 Update: tig-2.6.1-1.fc44
Fedora 44 Update: chromium-149.0.7827.114-1.fc44
Fedora 44 Update: xen-4.21.1-4.fc44
Fedora 44 Update: ldns-1.9.2-1.fc44
Fedora 44 Update: librabbitmq-0.16.0-1.fc44
Fedora 44 Update: vorbis-tools-1.4.3-5.fc44
Fedora 44 Update: bird-3.3.1-1.fc44
Fedora 44 Update: nextcloud-33.0.5-1.fc44
Fedora 44 Update: perl-Protocol-HTTP2-1.13-1.fc44
Fedora 44 Update: openslide-4.0.0-14.fc44
Fedora 43 Update: tig-2.6.1-1.fc43
Fedora 43 Update: bird-3.3.1-1.fc43
Fedora 43 Update: nextcloud-33.0.5-1.fc43
Fedora 43 Update: perl-Protocol-HTTP2-1.13-1.fc43
Fedora 43 Update: openslide-4.0.0-14.fc43
Fedora 43 Update: ack-3.10.0-1.fc43



[SECURITY] Fedora 44 Update: nss-3.124.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5eeadd9b1b
2026-06-17 08:41:51.002555+00:00
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 44
Version : 3.124.0
Release : 1.fc44
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.124.0
Update Firefox to 152.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 1 2026 Frantisek Krenzelok [fkrenzel@redhat.com] - 3.124.0-1
- Update NSS to 3.124.0
- Remove libcrmf as it is being deprecated and we don't use it.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5eeadd9b1b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: firefox-152.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5eeadd9b1b
2026-06-17 08:41:51.002555+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 44
Version : 152.0
Release : 1.fc44
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.124.0
Update Firefox to 152.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Martin Stransky [stransky@redhat.com] - 152.0-1
- Update to latest upstream (152.0)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5eeadd9b1b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: tig-2.6.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5cb64cc909
2026-06-17 08:41:51.002549+00:00
--------------------------------------------------------------------------------

Name : tig
Product : Fedora 44
Version : 2.6.1
Release : 1.fc44
URL : https://jonas.github.io/tig/
Summary : Text-mode interface for the git revision control system
Description :
Tig is a repository browser for the git revision control system that
additionally can act as a pager for output from various git commands.

When browsing repositories, it uses the underlying git commands to present the
user with various views, such as summarized revision log and showing the commit
with the log message, diffstat, and the diff.

Using it as a pager, it will display input from stdin and colorize it.

--------------------------------------------------------------------------------
Update Information:

Fix editor command injection vulnerability (only affects version 2.6.0). (#1432)
https://github.com/jonas/tig/issues/1432
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 15 2026 Steve Traylen [steve.traylen@cern.ch] - 2.6.1-1
- Update to v2.6.1
- Resolves: rhbz#2488692
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5cb64cc909' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: chromium-149.0.7827.114-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-59f46c195f
2026-06-17 08:41:51.002543+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 149.0.7827.114
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 149.0.7827.114
CVE-2026-12007: Use after free Core
CVE-2026-12008: Use after free DigitalCredentials
CVE-2026-12009: Insufficient validation of untrusted input Accessibility
CVE-2026-12010: Heap buffer overflow GPU
CVE-2026-12011: Use after free WebMIDI
CVE-2026-12012: Use after free Network
CVE-2026-12013: Use after free Media
CVE-2026-12014: Use after free Cast
CVE-2026-12015: Use after free Autofill
CVE-2026-12016: Insufficient validation of untrusted input DevTools
CVE-2026-12017: Insufficient validation of untrusted input Extensions
CVE-2026-12018: Inappropriate implementation Mojo
CVE-2026-12019: Out of bounds write Codecs
CVE-2026-12020: Use after free Autofill
CVE-2026-12022: Race Safe Browsing
CVE-2026-12023: Use after free GPU
CVE-2026-12024: Insufficient policy enforcement DevTools
CVE-2026-12025: Insufficient validation of untrusted input Network
CVE-2026-12026: Out of bounds read Video
CVE-2026-12027: Insufficient policy enforcement Headless
CVE-2026-12028: Use after free GPU
CVE-2026-12029: Use after free Video
CVE-2026-12030: Heap buffer overflow GPU
CVE-2026-12031: Inappropriate implementation Views
CVE-2026-12032: Inappropriate implementation Passwords
CVE-2026-12033: Out of bounds read VideoCapture
CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming
CVE-2026-12035: Use after free Views
Disable AI Mode settings
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Than Ngo [than@redhat.com] - 149.0.7827.114-1
- Update to 149.0.7827.114
* CVE-2026-12007: Use after free Core
* CVE-2026-12008: Use after free DigitalCredentials
* CVE-2026-12009: Insufficient validation of untrusted input Accessibility
* CVE-2026-12010: Heap buffer overflow GPU
* CVE-2026-12011: Use after free WebMIDI
* CVE-2026-12012: Use after free Network
* CVE-2026-12013: Use after free Media
* CVE-2026-12014: Use after free Cast
* CVE-2026-12015: Use after free Autofill
* CVE-2026-12016: Insufficient validation of untrusted input DevTools
* CVE-2026-12017: Insufficient validation of untrusted input Extensions
* CVE-2026-12018: Inappropriate implementation Mojo
* CVE-2026-12019: Out of bounds write Codecs
* CVE-2026-12020: Use after free Autofill
* CVE-2026-12022: Race Safe Browsing
* CVE-2026-12023: Use after free GPU
* CVE-2026-12024: Insufficient policy enforcement DevTools
* CVE-2026-12025: Insufficient validation of untrusted input Network
* CVE-2026-12026: Out of bounds read Video
* CVE-2026-12027: Insufficient policy enforcement Headless
* CVE-2026-12028: Use after free GPU
* CVE-2026-12029: Use after free Video
* CVE-2026-12030: Heap buffer overflow GPU
* CVE-2026-12031: Inappropriate implementation Views
* CVE-2026-12032: Inappropriate implementation Passwords
* CVE-2026-12033: Out of bounds read VideoCapture
* CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming
* CVE-2026-12035: Use after free Views
- Disable AI Mode settings
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-59f46c195f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: xen-4.21.1-4.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-24b84f97af
2026-06-17 08:41:51.002515+00:00
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 44
Version : 4.21.1
Release : 4.fc44
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

x86 HVM I/O port list traversal [XSA-491, CVE-2026-42487]
domctl lock open to abuse [XSA-492, CVE-2026-42489, CVE-2026-42490]
Arm: Completion of memory accesses not guaranteed by completion of a TLBI
[XSA-493, CVE-2025-10263]
x86: mismatched mapcache metadata [XSA-494, CVE-2026-42488]
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2026 Michael Young [m.a.young@durham.ac.uk] - 4.21.1-4
- x86 HVM I/O port list traversal [XSA-491, CVE-2026-42487]
- domctl lock open to abuse [XSA-492, CVE-2026-42489, CVE-2026-42490]
- Arm: Completion of memory accesses not guaranteed by completion of a TLBI
[XSA-493, CVE-2025-10263]
- x86: mismatched mapcache metadata [XSA-494, CVE-2026-42488]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-24b84f97af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: ldns-1.9.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1c6479b257
2026-06-17 08:41:51.002489+00:00
--------------------------------------------------------------------------------

Name : ldns
Product : Fedora 44
Version : 1.9.2
Release : 1.fc44
URL : https://www.nlnetlabs.nl/ldns/
Summary : Low-level DNS(SEC) library with API
Description :
ldns is a library with the aim to simplify DNS programming in C. All
low-level DNS/DNSSEC operations are supported. We also define a higher
level API which allows a programmer to (for instance) create or sign
packets.

--------------------------------------------------------------------------------
Update Information:

Update to 1.9.2 for CVE-2026-10846
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 11 2026 Paul Wouters [paul.wouters@aiven.io] - 1.9.2-1
- Update to 1.9.2 for CVE-2026-10846 (re-release upstream)
* Wed Jun 10 2026 Paul Wouters [paul.wouters@aiven.io] - 1.9.0-8
- Fix for CVE-2026-10846
* Wed Jun 3 2026 Python Maint - 1.9.0-3
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1c6479b257' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: librabbitmq-0.16.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7174ee9a91
2026-06-17 08:41:51.002473+00:00
--------------------------------------------------------------------------------

Name : librabbitmq
Product : Fedora 44
Version : 0.16.0
Release : 1.fc44
URL : https://github.com/alanxz/rabbitmq-c
Summary : Client library for AMQP
Description :
This is a C-language AMQP client library for use with AMQP servers
speaking protocol versions 0-9-1.

--------------------------------------------------------------------------------
Update Information:

Version 0.16.0 - 2026-06-08

Security
- Fix out-of-bounds read via undersized frames in amqp_handle_input (GHSA-9mmv-r8g3-qp46, #878)
- Fix client crash when server negotiates frame_max below the AMQP protocol minimum (GHSA-jh48-qjf5-fx5v)

Added
- Add amqp_bytes_from_buffer macro to create amqp_bytes_t from an arbitrary byte buffer with explicit length (#856, #866)

Fixed
- Fix NULL pointer dereferences on allocation failure in tools/publish.c (#860, #861)
- Fix NULL pointer dereference in tools/consume.c stringify_bytes() on allocation failure (#858)
- Fix file stream leak in tools/common.c read_authfile() (#859)
- Fix handling of absolute CMAKE_INSTALL_INCLUDEDIR in exported CMake targets (#849)

Changed
- amqp_literal_bytes macro now uses an explicit (void *) cast (#853)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 10 2026 Remi Collet [remi@remirepo.net] - 0.16.0-1
- update to 0.16.0
- re-license spec file to CECILL-2.1
- spec file cleanup
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7174ee9a91' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: vorbis-tools-1.4.3-5.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-884a9f0fc3
2026-06-17 08:41:51.002462+00:00
--------------------------------------------------------------------------------

Name : vorbis-tools
Product : Fedora 44
Version : 1.4.3
Release : 5.fc44
URL : https://www.xiph.org/
Summary : The Vorbis General Audio Compression Codec tools
Description :
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,
general-purpose compressed audio format for audio and music at fixed
and variable bitrates from 16 to 128 kbps/channel.

The vorbis package contains an encoder, a decoder, a playback tool, and a
comment editor.

--------------------------------------------------------------------------------
Update Information:

CVE-2026-34253 - fix arbitrary code execution via buffer underflow
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 9 2026 Lukáš Zaoral [lzaoral@redhat.com] - 1:1.4.3-5
- CVE-2026-34253 - fix arbitrary code execution via buffer underflow (rhbz#2479549)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2479549 - CVE-2026-34253 vorbis-tools: vorbis-tools ogg123: Arbitrary code execution via buffer underflow in remote control functionality [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2479549
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-884a9f0fc3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: bird-3.3.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8f225adf49
2026-06-17 08:41:51.002471+00:00
--------------------------------------------------------------------------------

Name : bird
Product : Fedora 44
Version : 3.3.1
Release : 1.fc44
URL : https://bird.nic.cz/
Summary : BIRD Internet Routing Daemon
Description :
BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border
Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open
Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),
Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static
routes, inter-table protocol, command-line interface allowing on-line control
and inspection of the status of the daemon, soft reconfiguration as well as a
powerful language for route filtering.

--------------------------------------------------------------------------------
Update Information:

BIRD 3.3.1 (2026-06-09)
BGP: Fix crash when incoming connection for disabled protocol arrives
BGP: Fix parsing labelled NLRIs with no next hop
BGP: Fix cork behavior in collision with graceful restart
BGP: Fix crash on dumping pending export statistics
BGP: Fix several issues in Flowspec handling
BMP/Nest: No refeed after listener or protocol restart
MPLS: Fix crash on reconfiguring CS_DOWN channel
OSPF: Fix handling of LLS data length field
OSPF: Fix OOB read in authentication check
OSPF: Fix OOB read in Router-LSA validation
Proto: Fix regression in protocol enabling
Channel: Fix refeeds and reloads during graceful restart
Export: Mitigate duplicate withdrawals
Filters: Fix crash when setting gateway on recursive nexthops
Filters: Fix path matching when AS path is too long
Table: Fix RCU double-anchor
Table: Propagate thread group config into aux
RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 10 2026 Robert Scheck [robert@fedoraproject.org] - 3.3.1-1
- Upgrade to 3.3.1 (#2487252)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8f225adf49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: nextcloud-33.0.5-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-86fab2703b
2026-06-17 08:41:51.002424+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 44
Version : 33.0.5
Release : 1.fc44
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

33.0.5 Release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 8 2026 Andrew Bauer [zonexpertconsulting@outlook.com] - 33.0.5-1
- 33.0.5 Release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483840 - CVE-2026-45690 nextcloud: Nextcloud Server: Authentication bypass allows unauthorized access by circumventing two-factor authentication. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483840
[ 2 ] Bug #2483841 - CVE-2026-45690 nextcloud: Nextcloud Server: Authentication bypass allows unauthorized access by circumventing two-factor authentication. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483841
[ 3 ] Bug #2483842 - CVE-2026-45810 nextcloud: Nextcloud Server: Information disclosure via missing relation check in file comments [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483842
[ 4 ] Bug #2483843 - CVE-2026-45285 nextcloud: Nextcloud: Unauthorized data access and modification via unlisted public links [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483843
[ 5 ] Bug #2483844 - CVE-2026-45691 nextcloud: Nextcloud Server: Two-factor authentication bypass via session cookie reuse [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483844
[ 6 ] Bug #2483845 - CVE-2026-45279 nextcloud: Nextcloud Server: Path traversal vulnerability allows unauthorized file copying [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483845
[ 7 ] Bug #2483846 - CVE-2026-45810 nextcloud: Nextcloud Server: Information disclosure via missing relation check in file comments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483846
[ 8 ] Bug #2483847 - CVE-2026-45281 nextcloud: Nextcloud Server: Authenticated users can gain full calendar access due to improper authorization. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483847
[ 9 ] Bug #2483848 - CVE-2026-45281 nextcloud: Nextcloud Server: Authenticated users can gain full calendar access due to improper authorization. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483848
[ 10 ] Bug #2483849 - CVE-2026-45285 nextcloud: Nextcloud: Unauthorized data access and modification via unlisted public links [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483849
[ 11 ] Bug #2483850 - CVE-2026-45279 nextcloud: Nextcloud Server: Path traversal vulnerability allows unauthorized file copying [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483850
[ 12 ] Bug #2483851 - CVE-2026-45691 nextcloud: Nextcloud Server: Two-factor authentication bypass via session cookie reuse [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483851
[ 13 ] Bug #2484167 - CVE-2026-45155 nextcloud: Nextcloud Server: Information disclosure due to missing API access check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484167
[ 14 ] Bug #2484168 - CVE-2026-45157 nextcloud: Nextcloud Server: Information disclosure via file share token [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484168
[ 15 ] Bug #2484169 - CVE-2026-45155 nextcloud: Nextcloud Server: Information disclosure due to missing API access check [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484169
[ 16 ] Bug #2484170 - CVE-2026-45283 nextcloud: Nextcloud Server: Unauthorized file modification and denial of service via improper WebDAV handling [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484170
[ 17 ] Bug #2484171 - CVE-2026-45157 nextcloud: Nextcloud Server: Information disclosure via file share token [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484171
[ 18 ] Bug #2484172 - CVE-2026-45283 nextcloud: Nextcloud Server: Unauthorized file modification and denial of service via improper WebDAV handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484172
[ 19 ] Bug #2484572 - CVE-2026-45282 nextcloud: Nextcloud Server: Information disclosure via circumventing link share protections [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484572
[ 20 ] Bug #2484573 - CVE-2026-45282 nextcloud: Nextcloud Server: Information disclosure via circumventing link share protections [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-86fab2703b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: perl-Protocol-HTTP2-1.13-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-12765c0719
2026-06-17 08:41:51.002407+00:00
--------------------------------------------------------------------------------

Name : perl-Protocol-HTTP2
Product : Fedora 44
Version : 1.13
Release : 1.fc44
URL : https://metacpan.org/release/Protocol-HTTP2
Summary : HTTP/2 protocol implementation (RFC 7540)
Description :
Protocol::HTTP2 is Perl HTTP/2 protocol implementation (RFC 7540) with
stateful decoders/encoders of HTTP/2 frames. You may use this module to
implement your own HTTP/2 client/server/intermediate on top of your favorite
event loop over plain or TLS socket.

--------------------------------------------------------------------------------
Update Information:

This release fixes CVE-2026-10725 (exhausting memory when decompressing request
headers). It also improves examples.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 8 2026 Petr Pisar [ppisar@redhat.com] - 1.13-1
- 1.13 bump
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2485660 - CVE-2026-10725 Protocol::HTTP2: Protocol::HTTP2: Denial of Service via HTTP/2 Bomb
https://bugzilla.redhat.com/show_bug.cgi?id=2485660
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-12765c0719' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 44 Update: openslide-4.0.0-14.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e31dda6e44
2026-06-17 08:41:51.002387+00:00
--------------------------------------------------------------------------------

Name : openslide
Product : Fedora 44
Version : 4.0.0
Release : 14.fc44
URL : https://openslide.org/
Summary : C library for reading virtual slides
Description :
The OpenSlide library allows programs to access virtual slide files
regardless of the underlying image format.

--------------------------------------------------------------------------------
Update Information:

Fix arbitrary memory write with crafted Ventana BIF file (CVE-2026-48977).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 7 2026 Benjamin Gilbert [bgilbert@backtick.net] - 4.0.0-14
- Fix CVE-2026-48977
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e31dda6e44' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: tig-2.6.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-28df92c223
2026-06-17 08:24:34.389310+00:00
--------------------------------------------------------------------------------

Name : tig
Product : Fedora 43
Version : 2.6.1
Release : 1.fc43
URL : https://jonas.github.io/tig/
Summary : Text-mode interface for the git revision control system
Description :
Tig is a repository browser for the git revision control system that
additionally can act as a pager for output from various git commands.

When browsing repositories, it uses the underlying git commands to present the
user with various views, such as summarized revision log and showing the commit
with the log message, diffstat, and the diff.

Using it as a pager, it will display input from stdin and colorize it.

--------------------------------------------------------------------------------
Update Information:

Fix editor command injection vulnerability (only affects version 2.6.0). (#1432)
https://github.com/jonas/tig/issues/1432
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 15 2026 Steve Traylen [steve.traylen@cern.ch] - 2.6.1-1
- Update to v2.6.1
- Resolves: rhbz#2488692
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-28df92c223' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: bird-3.3.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-564680920c
2026-06-17 08:24:34.389300+00:00
--------------------------------------------------------------------------------

Name : bird
Product : Fedora 43
Version : 3.3.1
Release : 1.fc43
URL : https://bird.nic.cz/
Summary : BIRD Internet Routing Daemon
Description :
BIRD is a dynamic IP routing daemon supporting both IPv4 and IPv6, Border
Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open
Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),
Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static
routes, inter-table protocol, command-line interface allowing on-line control
and inspection of the status of the daemon, soft reconfiguration as well as a
powerful language for route filtering.

--------------------------------------------------------------------------------
Update Information:

BIRD 3.3.1 (2026-06-09)
BGP: Fix crash when incoming connection for disabled protocol arrives
BGP: Fix parsing labelled NLRIs with no next hop
BGP: Fix cork behavior in collision with graceful restart
BGP: Fix crash on dumping pending export statistics
BGP: Fix several issues in Flowspec handling
BMP/Nest: No refeed after listener or protocol restart
MPLS: Fix crash on reconfiguring CS_DOWN channel
OSPF: Fix handling of LLS data length field
OSPF: Fix OOB read in authentication check
OSPF: Fix OOB read in Router-LSA validation
Proto: Fix regression in protocol enabling
Channel: Fix refeeds and reloads during graceful restart
Export: Mitigate duplicate withdrawals
Filters: Fix crash when setting gateway on recursive nexthops
Filters: Fix path matching when AS path is too long
Table: Fix RCU double-anchor
Table: Propagate thread group config into aux
RCU: Catch leaks sooner
See also: https://trubka.network.cz/pipermail/bird-users/2026-June/018790.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 10 2026 Robert Scheck [robert@fedoraproject.org] - 3.3.1-1
- Upgrade to 3.3.1 (#2487252)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-564680920c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: nextcloud-33.0.5-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cb3feafe41
2026-06-17 08:24:34.389285+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 43
Version : 33.0.5
Release : 1.fc43
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

33.0.5 Release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 8 2026 Andrew Bauer [zonexpertconsulting@outlook.com] - 33.0.5-1
- 33.0.5 Release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483840 - CVE-2026-45690 nextcloud: Nextcloud Server: Authentication bypass allows unauthorized access by circumventing two-factor authentication. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483840
[ 2 ] Bug #2483841 - CVE-2026-45690 nextcloud: Nextcloud Server: Authentication bypass allows unauthorized access by circumventing two-factor authentication. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483841
[ 3 ] Bug #2483842 - CVE-2026-45810 nextcloud: Nextcloud Server: Information disclosure via missing relation check in file comments [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483842
[ 4 ] Bug #2483843 - CVE-2026-45285 nextcloud: Nextcloud: Unauthorized data access and modification via unlisted public links [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483843
[ 5 ] Bug #2483844 - CVE-2026-45691 nextcloud: Nextcloud Server: Two-factor authentication bypass via session cookie reuse [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483844
[ 6 ] Bug #2483845 - CVE-2026-45279 nextcloud: Nextcloud Server: Path traversal vulnerability allows unauthorized file copying [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483845
[ 7 ] Bug #2483846 - CVE-2026-45810 nextcloud: Nextcloud Server: Information disclosure via missing relation check in file comments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483846
[ 8 ] Bug #2483847 - CVE-2026-45281 nextcloud: Nextcloud Server: Authenticated users can gain full calendar access due to improper authorization. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483847
[ 9 ] Bug #2483848 - CVE-2026-45281 nextcloud: Nextcloud Server: Authenticated users can gain full calendar access due to improper authorization. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483848
[ 10 ] Bug #2483849 - CVE-2026-45285 nextcloud: Nextcloud: Unauthorized data access and modification via unlisted public links [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483849
[ 11 ] Bug #2483850 - CVE-2026-45279 nextcloud: Nextcloud Server: Path traversal vulnerability allows unauthorized file copying [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483850
[ 12 ] Bug #2483851 - CVE-2026-45691 nextcloud: Nextcloud Server: Two-factor authentication bypass via session cookie reuse [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2483851
[ 13 ] Bug #2484167 - CVE-2026-45155 nextcloud: Nextcloud Server: Information disclosure due to missing API access check [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484167
[ 14 ] Bug #2484168 - CVE-2026-45157 nextcloud: Nextcloud Server: Information disclosure via file share token [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484168
[ 15 ] Bug #2484169 - CVE-2026-45155 nextcloud: Nextcloud Server: Information disclosure due to missing API access check [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484169
[ 16 ] Bug #2484170 - CVE-2026-45283 nextcloud: Nextcloud Server: Unauthorized file modification and denial of service via improper WebDAV handling [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484170
[ 17 ] Bug #2484171 - CVE-2026-45157 nextcloud: Nextcloud Server: Information disclosure via file share token [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484171
[ 18 ] Bug #2484172 - CVE-2026-45283 nextcloud: Nextcloud Server: Unauthorized file modification and denial of service via improper WebDAV handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484172
[ 19 ] Bug #2484572 - CVE-2026-45282 nextcloud: Nextcloud Server: Information disclosure via circumventing link share protections [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484572
[ 20 ] Bug #2484573 - CVE-2026-45282 nextcloud: Nextcloud Server: Information disclosure via circumventing link share protections [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cb3feafe41' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: perl-Protocol-HTTP2-1.13-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4c8da3ad64
2026-06-17 08:24:34.389275+00:00
--------------------------------------------------------------------------------

Name : perl-Protocol-HTTP2
Product : Fedora 43
Version : 1.13
Release : 1.fc43
URL : https://metacpan.org/release/Protocol-HTTP2
Summary : HTTP/2 protocol implementation (RFC 7540)
Description :
Protocol::HTTP2 is a Perl HTTP/2 protocol implementation (RFC 7540) with
stateful decoders/encoders of HTTP/2 frames. You may use this module to
implement your own HTTP/2 client/server/intermediate on top of your favorite
event loop over plain or TLS socket.

--------------------------------------------------------------------------------
Update Information:

This release fixes CVE-2026-10725 (exhausting memory when decompressing request
headers). It also improves examples.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 8 2026 Petr Pisar [ppisar@redhat.com] - 1.13-1
- 1.13 bump
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2485660 - CVE-2026-10725 Protocol::HTTP2: Protocol::HTTP2: Denial of Service via HTTP/2 Bomb
https://bugzilla.redhat.com/show_bug.cgi?id=2485660
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4c8da3ad64' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: openslide-4.0.0-14.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3c93ea23b5
2026-06-17 08:24:34.389260+00:00
--------------------------------------------------------------------------------

Name : openslide
Product : Fedora 43
Version : 4.0.0
Release : 14.fc43
URL : https://openslide.org/
Summary : C library for reading virtual slides
Description :
The OpenSlide library allows programs to access virtual slide files
regardless of the underlying image format.

--------------------------------------------------------------------------------
Update Information:

Fix arbitrary memory write with crafted Ventana BIF file (CVE-2026-48977).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 7 2026 Benjamin Gilbert [bgilbert@backtick.net] - 4.0.0-14
- Fix CVE-2026-48977
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3c93ea23b5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





[SECURITY] Fedora 43 Update: ack-3.10.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-45190a3b6b
2026-06-17 08:24:34.389254+00:00
--------------------------------------------------------------------------------

Name : ack
Product : Fedora 43
Version : 3.10.0
Release : 1.fc43
URL : http://beyondgrep.com/
Summary : A Grep-like source code search tool
Description :
Ack is a grep-like search tool designed for use with large heterogeneous
trees of source code. It searches recursively and ignores common version
control directories.

--------------------------------------------------------------------------------
Update Information:

Update to version 3.10.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 7 2026 Bill Pemberton [wfp5p@worldbroken.com] - 3.10.0-1
- Update to version 3.10.0
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.9.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 3.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2486102 - ack-3.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2486102
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-45190a3b6b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

