Fedora 44 Update: chromium-149.0.7827.196-1.fc44
Fedora 44 Update: thunderbird-152.0-1.fc44
Fedora 44 Update: pacemaker-3.0.2-3.fc44
Fedora 44 Update: tinyproxy-1.11.2-8.fc44
Fedora 44 Update: docker-buildx-0.35.0-1.fc44
Fedora 44 Update: docker-buildkit-0.31.0-1.fc44
Fedora 44 Update: lighttpd-1.4.84-1.fc44
Fedora 44 Update: nginx-mod-vts-0.2.4-11.fc44
Fedora 44 Update: nginx-mod-modsecurity-1.0.4-12.fc44
Fedora 44 Update: nginx-1.30.3-1.fc44
Fedora 44 Update: nginx-mod-naxsi-1.6-19.fc44
Fedora 44 Update: nginx-mod-headers-more-0.39-11.fc44
Fedora 44 Update: nginx-mod-fancyindex-0.6.0-6.fc44
Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc44
Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-11.fc44
Fedora 44 Update: openbao-2.5.5-1.fc44
Fedora 44 Update: python-postorius-1.3.13-1.fc44
Fedora 44 Update: liferea-1.16.12-1.fc44
Fedora 43 Update: tinyproxy-1.11.2-8.fc43
Fedora 43 Update: docker-buildx-0.35.0-1.fc43
Fedora 43 Update: docker-buildkit-0.31.0-1.fc43
Fedora 43 Update: tigervnc-1.16.2-4.fc43
Fedora 43 Update: lighttpd-1.4.84-1.fc43
Fedora 43 Update: pacemaker-3.0.2-3.fc43
Fedora 43 Update: nginx-mod-headers-more-0.39-11.fc43
Fedora 43 Update: nginx-mod-vts-0.2.4-11.fc43
Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43
Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-11.fc43
Fedora 43 Update: nginx-1.30.3-1.fc43
Fedora 43 Update: nginx-mod-naxsi-1.6-19.fc43
Fedora 43 Update: nginx-mod-modsecurity-1.0.4-12.fc43
Fedora 43 Update: openbao-2.5.5-1.fc43
Fedora 43 Update: python-postorius-1.3.13-1.fc43
Fedora 43 Update: python-jupyter-server-2.19.0-2.fc43
Fedora 43 Update: util-linux-2.41.5-1.fc43
Fedora 43 Update: ldns-1.9.2-1.fc43
[SECURITY] Fedora 44 Update: chromium-149.0.7827.196-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-504709cab7
2026-06-27 01:10:00.374925+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 44
Version : 149.0.7827.196
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
chromium-149.0.7827.196 security release
* CVE-2026-13028: Use after free in WebGL
* CVE-2026-13032: Use after free in WebGL
* CVE-2026-13033: Out of bounds read in Blink>InterestGroups
* CVE-2026-13038: Use after free in Autofill
* CVE-2026-13021: Inappropriate implementation in
DeviceBoundSessionCredentials
* CVE-2026-13022: Inappropriate implementation in Autofill
* CVE-2026-13023: Uninitialized Use in GPU
* CVE-2026-13024: Insufficient validation of untrusted input in Navigation
* CVE-2026-13025: Insufficient validation of untrusted input in DevTools
* CVE-2026-13026: Use after free in Digital Credentials
* CVE-2026-13027: Use after free in FileSystem
* CVE-2026-13029: Use after free in Web Authentication
* CVE-2026-13030: Uninitialized Use in GPU
* CVE-2026-13031: Use after free in Blink
* CVE-2026-13034: Inappropriate implementation in Passwords
* CVE-2026-13035: Use after free in Bluetooth
* CVE-2026-13036: Use after free in Blink
* CVE-2026-13037: Use after free in WebView
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 24 2026 Than Ngo [than@redhat.com] - 149.0.7827.196-1
- Update to 149.0.7827.196
- Upstream patch, Make dark mode apply filter to images irrespective of layout zoom
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-504709cab7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: thunderbird-152.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cda0c20ce0
2026-06-27 01:10:00.374915+00:00
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 44
Version : 152.0
Release : 1.fc44
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 23 2026 Jan Horak [jhorak@redhat.com] - 152.0-1
- Update to 152.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cda0c20ce0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: pacemaker-3.0.2-3.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2c31df81dc
2026-06-27 01:10:00.374904+00:00
--------------------------------------------------------------------------------
Name : pacemaker
Product : Fedora 44
Version : 3.0.2
Release : 3.fc44
URL : https://www.clusterlabs.org/
Summary : Scalable High-Availability cluster resource manager
Description :
Pacemaker is an advanced, scalable High-Availability cluster resource
manager.
It supports more than 16 node clusters with significant capabilities
for managing resources and dependencies.
It will run scripts at initialization, when machines go up or down,
when related resources fail and can be configured to periodically check
resource health.
Available rpmbuild rebuild options:
--with(out) : cibsecrets hardening linuxha nls pre_release profiling
--------------------------------------------------------------------------------
Update Information:
* Wed Jun 17 2026 Klaus Wenninger [klaus.wenninger@aon.at] - 3.0.2-3
- fix CVE-2026-10649: Fix integer overflows in remote message code
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Klaus Wenninger [klaus.wenninger@aon.at] - 3.0.2-3
- fix CVE-2026-10649: Fix integer overflows in remote message code
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489310 - CVE-2026-10649 pacemaker: Pacemaker: Denial of Service via integer overflow in remote message decompression [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489310
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2c31df81dc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: tinyproxy-1.11.2-8.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-efbe094630
2026-06-27 01:10:00.374896+00:00
--------------------------------------------------------------------------------
Name : tinyproxy
Product : Fedora 44
Version : 1.11.2
Release : 8.fc44
URL : https://tinyproxy.github.io/
Summary : A small, efficient HTTP/SSL proxy daemon
Description :
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a
small network setting, where a larger proxy like Squid would either be too
resource intensive, or a security risk.
--------------------------------------------------------------------------------
Update Information:
Backport upstream fixes for CVE-2026-54387 and CVE-2026-54388.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2026 Carl George [carlwgeorge@gmail.com] - 1.11.2-8
- Backport upstream CVE fixes
- Fixes CVE-2026-54387
- Fixes CVE-2026-54388
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2490299 - CVE-2026-54387 tinyproxy: HTTP Request Smuggling via CL/TE desynchronization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490299
[ 2 ] Bug #2490301 - CVE-2026-54388 tinyproxy: HTTP Request Smuggling via duplicate Content-Length headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490301
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-efbe094630' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: docker-buildx-0.35.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-105f7df940
2026-06-27 01:10:00.374865+00:00
--------------------------------------------------------------------------------
Name : docker-buildx
Product : Fedora 44
Version : 0.35.0
Release : 1.fc44
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.
--------------------------------------------------------------------------------
Update Information:
Update to release v0.35.0
Resolves: rhbz#2487819
Resolves CVE-2026-39828: rhbz#2489918, rhbz#2490102
Upstream enhancements, new features, and fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.35.0-1
- Update to release v0.35.0
- Resolves: rhbz#2487819
- Resolves CVE-2026-39828: rhbz#2489918, rhbz#2490102
- Upstream enhancements, new features, and fixes
* Tue May 19 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.34.1-1
- Update to release v0.34.1
- Resolves: rhbz#2479976
- Upstream fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2487819 - docker-buildx-0.35.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487819
[ 2 ] Bug #2489918 - CVE-2026-39828 docker-buildx: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489918
[ 3 ] Bug #2490102 - CVE-2026-39829 docker-buildx: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490102
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-105f7df940' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: docker-buildkit-0.31.0-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1e00728616
2026-06-27 01:10:00.374822+00:00
--------------------------------------------------------------------------------
Name : docker-buildkit
Product : Fedora 44
Version : 0.31.0
Release : 1.fc44
URL : https://github.com/moby/buildkit
Summary : Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
Description :
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit.
--------------------------------------------------------------------------------
Update Information:
Update to release v0.31.0
Resolve CVE-2026-39829: rhbz#2489939, rhbz#2490056
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.31.0-1
- Update to release v0.31.0
- Resolve CVE-2026-39829: rhbz#2489939, rhbz#2490056
- Upstream new features and fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489939 - CVE-2026-39828 docker-buildkit: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489939
[ 2 ] Bug #2490056 - CVE-2026-39829 docker-buildkit: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1e00728616' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: lighttpd-1.4.84-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1907dd9339
2026-06-27 01:10:00.374817+00:00
--------------------------------------------------------------------------------
Name : lighttpd
Product : Fedora 44
Version : 1.4.84
Release : 1.fc44
URL : http://www.lighttpd.net/
Summary : Lightning fast webserver with light system requirements
Description :
lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexible
web server that has been optimized for high-performance environments. lighttpd
uses memory and CPU efficiently and has lower resource use than other popular
web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression,
URL-Rewriting and much more) make lighttpd the perfect web server for all
systems, small and large.
--------------------------------------------------------------------------------
Update Information:
1.4.84
1.4.83
https://wiki.lighttpd.net/Release-1_4_83
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.4.84-1
- 1.4.84
* Mon Jun 15 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.4.83-1
- 1.4.83
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.4.82-5
- Rebuilt for openssl 4.0
* Thu Apr 16 2026 Tom Callaway [spot@fedoraproject.org] - 1.4.82-4
- rebuild
* Tue Mar 3 2026 Tom Callaway [spot@fedoraproject.org] - 1.4.82-3
- rebuild for lua 5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2488792 - lighttpd-1.4.83 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2488792
[ 2 ] Bug #2490240 - lighttpd-1.4.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2490240
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1907dd9339' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-11.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-vts
Product : Fedora 44
Version : 0.2.4
Release : 11.fc44
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-11
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-12.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-modsecurity
Product : Fedora 44
Version : 1.0.4
Release : 12.fc44
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.
The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-12
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-1.30.3-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 44
Version : 1.30.3
Release : 1.fc44
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.30.3-1
- update to 1.30.3
- fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 2:1.30.2-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-19.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-naxsi
Product : Fedora 44
Version : 1.6
Release : 19.fc44
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-19
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-11.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-headers-more
Product : Fedora 44
Version : 0.39
Release : 11.fc44
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.
This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-11
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-6.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-fancyindex
Product : Fedora 44
Version : 0.6.0
Release : 6.fc44
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:
* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 0.6.0-6
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-js-challenge
Product : Fedora 44
Version : 0^20230517.gitda6852d
Release : 9.fc44
URL : https://github.com/simon987/ngx_http_js_challenge_module
Summary : Simple JavaScript proof-of-work based access for Nginx with virtually no overhead
Description :
Simple JavaScript proof-of-work based access for Nginx with virtually no overhead.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 0^20230517.gitda6852d-9
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-11.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8e751787c
2026-06-27 01:10:00.374795+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-brotli
Product : Fedora 44
Version : 1.0.0~rc
Release : 11.fc44
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx-mod-js-challenge:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-11
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: openbao-2.5.5-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-84ff0044db
2026-06-27 01:10:00.374787+00:00
--------------------------------------------------------------------------------
Name : openbao
Product : Fedora 44
Version : 2.5.5
Release : 1.fc44
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774,
CVE-2026-55775, and CVE-2026-55776.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Dave Dykstra - 2.5.5-1
- update to upstream 2.5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489817 - openbao-2.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2489817
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-84ff0044db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: python-postorius-1.3.13-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ef34f94241
2026-06-27 01:10:00.374784+00:00
--------------------------------------------------------------------------------
Name : python-postorius
Product : Fedora 44
Version : 1.3.13
Release : 1.fc44
URL : https://gitlab.com/mailman/postorius
Summary : Web UI for GNU Mailman
Description :
The Postorius Django app provides a web user interface to access GNU Mailman.
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross-
side scripting via unescaped HTML
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Michel Lind [salimma@fedoraproject.org] - 1.3.13-1
- Backport unreleased fix for CVE-2026-44742
- With 1.3.13 we no longer need to exclude example_project
* Tue Jun 16 2026 Python Maint - 1.3.12-8
- Rebuilt for Python 3.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2476457 - CVE-2026-44742 python-postorius: Postorius: Cross-Site Scripting via unescaped HTML in message subject [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476457
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ef34f94241' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: liferea-1.16.12-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-79d9e34e36
2026-06-27 01:10:00.374769+00:00
--------------------------------------------------------------------------------
Name : liferea
Product : Fedora 44
Version : 1.16.12
Release : 1.fc44
URL : https://lzone.de/liferea/
Summary : An RSS/RDF feed reader
Description :
Liferea (Linux Feed Reader) is an RSS/RDF feed reader.
It's intended to be a clone of the Windows-only FeedReader.
It can be used to maintain a list of subscribed feeds,
browse through their items, and show their contents.
--------------------------------------------------------------------------------
Update Information:
Update to 1.16.12
Update to 1.16.11
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Yanko Kaneti [yaneti@declera.com] - 1:1.16.12-1
- Update to 1.16.12
* Thu Jun 11 2026 Yanko Kaneti [yaneti@declera.com] - 1:1.16.11-1
- Update to 1.16.11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-79d9e34e36' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: tinyproxy-1.11.2-8.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-77f1ca9c8f
2026-06-27 00:54:50.049783+00:00
--------------------------------------------------------------------------------
Name : tinyproxy
Product : Fedora 43
Version : 1.11.2
Release : 8.fc43
URL : https://tinyproxy.github.io/
Summary : A small, efficient HTTP/SSL proxy daemon
Description :
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a
small network setting, where a larger proxy like Squid would either be too
resource intensive, or a security risk.
--------------------------------------------------------------------------------
Update Information:
Backport upstream fixes for CVE-2026-54387 and CVE-2026-54388.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2026 Carl George [carlwgeorge@gmail.com] - 1.11.2-8
- Backport upstream CVE fixes
- Fixes CVE-2026-54387
- Fixes CVE-2026-54388
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2490299 - CVE-2026-54387 tinyproxy: HTTP Request Smuggling via CL/TE desynchronization [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490299
[ 2 ] Bug #2490301 - CVE-2026-54388 tinyproxy: HTTP Request Smuggling via duplicate Content-Length headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490301
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-77f1ca9c8f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: docker-buildx-0.35.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3cca6f41d4
2026-06-27 00:54:50.049759+00:00
--------------------------------------------------------------------------------
Name : docker-buildx
Product : Fedora 43
Version : 0.35.0
Release : 1.fc43
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.
--------------------------------------------------------------------------------
Update Information:
Update to release v0.35.0
Resolves: rhbz#2487819
Resolves CVE-2026-39828: rhbz#2489918, rhbz#2490102
Upstream enhancements, new features, and fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.35.0-1
- Update to release v0.35.0
- Resolves: rhbz#2487819
- Resolves CVE-2026-39828: rhbz#2489918, rhbz#2490102
- Upstream enhancements, new features, and fixes
* Tue May 19 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.34.1-1
- Update to release v0.34.1
- Resolves: rhbz#2479976
- Upstream fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2487819 - docker-buildx-0.35.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2487819
[ 2 ] Bug #2489918 - CVE-2026-39828 docker-buildx: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489918
[ 3 ] Bug #2490102 - CVE-2026-39829 docker-buildx: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490102
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3cca6f41d4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: docker-buildkit-0.31.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1a714d39b0
2026-06-27 00:54:50.049752+00:00
--------------------------------------------------------------------------------
Name : docker-buildkit
Product : Fedora 43
Version : 0.31.0
Release : 1.fc43
URL : https://github.com/moby/buildkit
Summary : Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
Description :
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit.
--------------------------------------------------------------------------------
Update Information:
Update to release v0.31.0
Resolve CVE-2026-39829: rhbz#2489939, rhbz#2490056
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Bradley G Smith [bradley.g.smith@gmail.com] - 0.31.0-1
- Update to release v0.31.0
- Resolve CVE-2026-39829: rhbz#2489939, rhbz#2490056
- Upstream new features and fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489939 - CVE-2026-39828 docker-buildkit: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489939
[ 2 ] Bug #2490056 - CVE-2026-39829 docker-buildkit: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2490056
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1a714d39b0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: tigervnc-1.16.2-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ad10afa9cd
2026-06-27 00:54:50.049697+00:00
--------------------------------------------------------------------------------
Name : tigervnc
Product : Fedora 43
Version : 1.16.2
Release : 4.fc43
URL : https://www.tigervnc.com
Summary : A TigerVNC remote display system
Description :
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260
CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2026 Jan Grulich [jgrulich@redhat.com] - 1.16.2-4
- Rebuild (xorg-x11-server)
Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259
CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263
CVE-2026-50264
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.16.2-3
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2476414 - CVE-2026-34002 tigervnc: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476414
[ 2 ] Bug #2476956 - CVE-2026-33999 tigervnc: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476956
[ 3 ] Bug #2476958 - CVE-2026-34001 tigervnc: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476958
[ 4 ] Bug #2476965 - CVE-2026-34003 tigervnc: X.Org X server: Information exposure and denial of service via out-of-bounds memory access [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476965
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ad10afa9cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: lighttpd-1.4.84-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d7d472853a
2026-06-27 00:54:50.049700+00:00
--------------------------------------------------------------------------------
Name : lighttpd
Product : Fedora 43
Version : 1.4.84
Release : 1.fc43
URL : http://www.lighttpd.net/
Summary : Lightning fast webserver with light system requirements
Description :
lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexible
web server that has been optimized for high-performance environments. lighttpd
uses memory and CPU efficiently and has lower resource use than other popular
web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression,
URL-Rewriting and much more) make lighttpd the perfect web server for all
systems, small and large.
--------------------------------------------------------------------------------
Update Information:
1.4.84
1.4.83
https://wiki.lighttpd.net/Release-1_4_83
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 18 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.4.84-1
- 1.4.84
* Mon Jun 15 2026 Gwyn Ciesla [gwync@protonmail.com] - 1.4.83-1
- 1.4.83
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 1.4.82-5
- Rebuilt for openssl 4.0
* Thu Apr 16 2026 Tom Callaway [spot@fedoraproject.org] - 1.4.82-4
- rebuild
* Tue Mar 3 2026 Tom Callaway [spot@fedoraproject.org] - 1.4.82-3
- rebuild for lua 5.5
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.4.82-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2488792 - lighttpd-1.4.83 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2488792
[ 2 ] Bug #2490240 - lighttpd-1.4.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2490240
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d7d472853a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: pacemaker-3.0.2-3.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6a4bfb1309
2026-06-27 00:54:50.049690+00:00
--------------------------------------------------------------------------------
Name : pacemaker
Product : Fedora 43
Version : 3.0.2
Release : 3.fc43
URL : https://www.clusterlabs.org/
Summary : Scalable High-Availability cluster resource manager
Description :
Pacemaker is an advanced, scalable High-Availability cluster resource
manager.
It supports more than 16 node clusters with significant capabilities
for managing resources and dependencies.
It will run scripts at initialization, when machines go up or down,
when related resources fail and can be configured to periodically check
resource health.
Available rpmbuild rebuild options:
--with(out) : cibsecrets hardening linuxha nls pre_release profiling
--------------------------------------------------------------------------------
Update Information:
* Wed Jun 17 2026 Klaus Wenninger [klaus.wenninger@aon.at] - 3.0.2-3
- fix CVE-2026-10649: Fix integer overflows in remote message code
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Klaus Wenninger [klaus.wenninger@aon.at] - 3.0.2-3
- fix CVE-2026-10649: Fix integer overflows in remote message code
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489310 - CVE-2026-10649 pacemaker: Pacemaker: Denial of Service via integer overflow in remote message decompression [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2489310
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6a4bfb1309' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-11.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d7328702e
2026-06-27 00:54:50.049683+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-headers-more
Product : Fedora 43
Version : 0.39
Release : 11.fc43
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.
This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-11
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-11.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d7328702e
2026-06-27 00:54:50.049683+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-vts
Product : Fedora 43
Version : 0.2.4
Release : 11.fc43
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-11
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d7328702e
2026-06-27 00:54:50.049683+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-fancyindex
Product : Fedora 43
Version : 0.6.0
Release : 6.fc43
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:
* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 0.6.0-6
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-11.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d7328702e
2026-06-27 00:54:50.049683+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-brotli
Product : Fedora 43
Version : 1.0.0~rc
Release : 11.fc43
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-11
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-1.30.3-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d7328702e
2026-06-27 00:54:50.049683+00:00
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 43
Version : 1.30.3
Release : 1.fc43
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.30.3-1
- update to 1.30.3
- fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
* Fri Jun 12 2026 Yaakov Selkowitz [yselkowi@redhat.com] - 2:1.30.2-2
- Rebuilt for openssl 4.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-19.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d7328702e
2026-06-27 00:54:50.049683+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-naxsi
Product : Fedora 43
Version : 1.6
Release : 19.fc43
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-19
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-12.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9d7328702e
2026-06-27 00:54:50.049683+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-modsecurity
Product : Fedora 43
Version : 1.0.4
Release : 12.fc43
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.
The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity
--------------------------------------------------------------------------------
Update Information:
nginx-mod-headers-more:
Rebuild for 1.30.3
nginx-mod-brotli:
Rebuild for 1.30.3
nginx-mod-vts:
Rebuild for 1.30.3
nginx-mod-modsecurity:
Rebuild for 1.30.3
nginx-mod-fancyindex:
Rebuild for 1.30.3
nginx-mod-naxsi:
Rebuild for 1.30.3
nginx:
update to 1.30.3
fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-12
- Rebuild for 1.30.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: openbao-2.5.5-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-da7e499416
2026-06-27 00:54:50.049675+00:00
--------------------------------------------------------------------------------
Name : openbao
Product : Fedora 43
Version : 2.5.5
Release : 1.fc43
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774,
CVE-2026-55775, and CVE-2026-55776.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Dave Dykstra - 2.5.5-1
- update to upstream 2.5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2489817 - openbao-2.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2489817
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-da7e499416' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-postorius-1.3.13-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c2b475c5f1
2026-06-27 00:54:50.049673+00:00
--------------------------------------------------------------------------------
Name : python-postorius
Product : Fedora 43
Version : 1.3.13
Release : 1.fc43
URL : https://gitlab.com/mailman/postorius
Summary : Web UI for GNU Mailman
Description :
The Postorius Django app provides a web user interface to access GNU Mailman.
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.13 (minor packaging changes); backport unreleased fix for cross-
side scripting via unescaped HTML
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 17 2026 Michel Lind [salimma@fedoraproject.org] - 1.3.13-1
- Backport unreleased fix for CVE-2026-44742
- With 1.3.13 we no longer need to exclude example_project
* Tue Jun 16 2026 Python Maint - 1.3.12-8
- Rebuilt for Python 3.15
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.3.12-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2476457 - CVE-2026-44742 python-postorius: Postorius: Cross-Site Scripting via unescaped HTML in message subject [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2476457
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c2b475c5f1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: python-jupyter-server-2.19.0-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9536c7cb79
2026-06-27 00:54:50.049657+00:00
--------------------------------------------------------------------------------
Name : python-jupyter-server
Product : Fedora 43
Version : 2.19.0
Release : 2.fc43
URL : https://jupyter-server.readthedocs.io
Summary : The backend for Jupyter web applications
Description :
The Jupyter Server provides the backend (i.e. the core services,
APIs, and REST endpoints) for Jupyter web applications like
Jupyter notebook, JupyterLab, and Voila.
--------------------------------------------------------------------------------
Update Information:
New version of jupyter-server fixing various security vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 4 2026 Python Maint - 2.19.0-2
- Rebuilt for Python 3.15
* Mon Jun 1 2026 Lumir Balhar [lbalhar@redhat.com] - 2.19.0-1
- Update to 2.19.0 (rhbz#2483209)
* Mon May 11 2026 Lumir Balhar [lbalhar@redhat.com] - 2.18.2-1
- Update to 2.18.2 (rhbz#2466683)
* Tue May 5 2026 Lumir Balhar [lbalhar@redhat.com] - 2.18.0-1
- Update to 2.18.0 (rhbz#2465646)
* Tue Apr 14 2026 Tom???? Hrn??iar [thrnciar@redhat.com] - 2.17.0-5
- Raise pytest upper bound to allow pytest 9
* Fri Mar 20 2026 Lumir Balhar [lbalhar@redhat.com] - 2.17.0-4
- Ignore deprecation warnings from ptyprocess:pty to fix build with Python
3.15 alpha 7
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.17.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2484708 - CVE-2026-35397 python-jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484708
[ 2 ] Bug #2484713 - CVE-2026-40934 python-jupyter-server: Jupyter Server: Authentication bypass due to unrotated cookie secret [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484713
[ 3 ] Bug #2485374 - CVE-2026-6657 python-jupyter-server: jupyter-server: Arbitrary code execution due to CORS origin validation bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2485374
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9536c7cb79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: util-linux-2.41.5-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a7ff7017ee
2026-06-27 00:54:50.049635+00:00
--------------------------------------------------------------------------------
Name : util-linux
Product : Fedora 43
Version : 2.41.5
Release : 1.fc43
URL : https://en.wikipedia.org/wiki/Util-linux
Summary : Collection of basic system utilities
Description :
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.
--------------------------------------------------------------------------------
Update Information:
upstream upgrade with security fixes:
CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during
mount
CVE-2026-53613 - libmount: SUID bypass via LIBMOUNT_FORCE_MOUNT2 and legacy
mount path
CVE-2026-53614 - libmount: fd_target TOCTOU prevention
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 16 2026 Karel Zak [kzak@redhat.com] - 2.41.5-1
- upgrade to upstream release v2.41.5
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a7ff7017ee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: ldns-1.9.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b33ba1aa06
2026-06-27 00:54:50.049628+00:00
--------------------------------------------------------------------------------
Name : ldns
Product : Fedora 43
Version : 1.9.2
Release : 1.fc43
URL : https://www.nlnetlabs.nl/ldns/
Summary : Low-level DNS(SEC) library with API
Description :
ldns is a library with the aim to simplify DNS programming in C. All
low-level DNS/DNSSEC operations are supported. We also define a higher
level API which allows a programmer to (for instance) create or sign
packets.
--------------------------------------------------------------------------------
Update Information:
Update to 1.9.2 for CVE-2026-10846
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 11 2026 Paul Wouters [paul.wouters@aiven.io] - 1.9.2-1
- Update to 1.9.2 for CVE-2026-10846 (re-release upstream)
* Wed Jun 10 2026 Paul Wouters [paul.wouters@aiven.io] - 1.9.0-8
- Fix for CVE-2026-10846
* Wed Jun 3 2026 Python Maint - 1.9.0-3
- Rebuilt for Python 3.15
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b33ba1aa06' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
