Chromium, Varnish, Composer, and more updates for Fedora

Fedora Linux 9385 Published by

Fedora 44 just pushed out a major wave of security patches that touch several essential system tools and development frameworks. Chromium dominates this release with fixes for over seventy memory management vulnerabilities and input validation weaknesses scattered across its rendering engine and extensions. You will also find important hardening measures for Apptainer, Composer, WeasyPrint, and the entire Varnish Cache ecosystem to prevent remote code execution risks. Run your regular system update commands right away so your machines stay protected against these newly disclosed threats.

Fedora 44 Update: chromium-149.0.7827.102-1.fc44
Fedora 44 Update: apptainer-1.5.1-1.fc44
Fedora 44 Update: composer-2.10.1-1.fc44
Fedora 44 Update: chezmoi-2.70.5-1.fc44
Fedora 44 Update: weasyprint-69.0-1.fc44
Fedora 44 Update: vmod-uuid-1.10-31.fc44
Fedora 44 Update: vmod-querystring-2.0.3-13.fc44
Fedora 44 Update: collectd-5.12.0-64.fc44
Fedora 44 Update: varnish-modules-0.27.0-4.fc44
Fedora 44 Update: varnish-8.0.2-1.fc44




[SECURITY] Fedora 44 Update: chromium-149.0.7827.102-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2debc85b3c
2026-06-13 01:09:32.029747+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 44
Version : 149.0.7827.102
Release : 1.fc44
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 149.0.7827.102
CVE-2026-11628: Use after free in Ozone
CVE-2026-11629: Use after free in Ozone
CVE-2026-11630: Use after free in File Input
CVE-2026-11631: Use after free in Aura
CVE-2026-11632: Use after free in TabStrip
CVE-2026-11633: Use after free in Bluetooth
CVE-2026-11634: Use after free in Gamepad
CVE-2026-11635: Use after free in Bluetooth
CVE-2026-11636: Use after free in Autofill
CVE-2026-11637: Use after free in Views
CVE-2026-11638: Use after free in Printing
CVE-2026-11639: Use after free in Compositing
CVE-2026-11640: Integer overflow in libyuv
CVE-2026-11641: Use after free in Bluetooth
CVE-2026-11642: Use after free in Web Apps
CVE-2026-11643: Use after free in Proxy
CVE-2026-11644: Use after free in Views
CVE-2026-11645: Out of bounds memory access in V8
CVE-2026-11646: Use after free in ViewTransitions
CVE-2026-11647: Use after free in Printing
CVE-2026-11648: Use after free in FullScreen
CVE-2026-11649: Use after free in V8
CVE-2026-11650: Use after free in V8
CVE-2026-11651: Use after free in Network
CVE-2026-11652: Use after free in Extensions
CVE-2026-11653: Insufficient validation of untrusted input in Extensions
CVE-2026-11654: Use after free in CameraCapture
CVE-2026-11655: Integer overflow in Media
CVE-2026-11656: Use after free in ServiceWorker
CVE-2026-11657: Use after free in Payments
CVE-2026-11658: Insufficient validation of untrusted input in Extensions
CVE-2026-11659: Insufficient validation of untrusted input in UI
CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
CVE-2026-11661: Use after free in Views
CVE-2026-11662: Type Confusion in Bindings
CVE-2026-11663: Use after free in Skia
CVE-2026-11664: Use after free in Payments
CVE-2026-11665: Out of bounds read in Dawn
CVE-2026-11666: Insufficient validation of untrusted input in Input
CVE-2026-11667: Out of bounds read in WebRTC
CVE-2026-11668: Uninitialized Use in Codecs
CVE-2026-11669: Integer overflow in Media
CVE-2026-11670: Use after free in PDF
CVE-2026-11671: Use after free in Navigation
CVE-2026-11672: Out of bounds write in GPU
CVE-2026-11673: Use after free in InterestGroups
CVE-2026-11674: Use after free in Guest View
CVE-2026-11675: Insufficient validation of untrusted input in Skia
CVE-2026-11676: Insufficient validation of untrusted input in Dawn
CVE-2026-11677: Race in Network
CVE-2026-11678: Integer overflow in libyuv
CVE-2026-11679: Use after free in Codecs
CVE-2026-11680: Use after free in Media
CVE-2026-11681: Use after free in Ozone
CVE-2026-11682: Insufficient validation of untrusted input in Views
CVE-2026-11683: Use after free in WebCodecs
CVE-2026-11684: Insufficient policy enforcement in Network
CVE-2026-11685: Insufficient data validation in MediaCapture
CVE-2026-11686: Insufficient validation of untrusted input in Dawn
CVE-2026-11687: Use after free in Dawn
CVE-2026-11688: Object lifecycle issue in SVG
CVE-2026-11689: Insufficient validation of untrusted input in Passwords
CVE-2026-11690: Out of bounds read and write in Media
CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
CVE-2026-11692: Use after free in Read Anything
CVE-2026-11693: Inappropriate implementation in Plugins
CVE-2026-11694: Use after free in ServiceWorker
CVE-2026-11695: Inappropriate implementation in Passwords
CVE-2026-11696: Uninitialized Use in Video
CVE-2026-11697: Insufficient validation of untrusted input in UI
CVE-2026-11698: Use after free in Bluetooth
CVE-2026-11699: Use after free in Bluetooth
CVE-2026-11700: Use after free in Tracing
CVE-2026-11701: Insufficient validation of untrusted input in Guest View
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 9 2026 Than Ngo [than@redhat.com] - 149.0.7827.102-1
- Update to 149.0.7827.102
* CVE-2026-11628: Use after free in Ozone
* CVE-2026-11629: Use after free in Ozone
* CVE-2026-11630: Use after free in File Input
* CVE-2026-11631: Use after free in Aura
* CVE-2026-11632: Use after free in TabStrip
* CVE-2026-11633: Use after free in Bluetooth
* CVE-2026-11634: Use after free in Gamepad
* CVE-2026-11635: Use after free in Bluetooth
* CVE-2026-11636: Use after free in Autofill
* CVE-2026-11637: Use after free in Views
* CVE-2026-11638: Use after free in Printing
* CVE-2026-11639: Use after free in Compositing
* CVE-2026-11640: Integer overflow in libyuv
* CVE-2026-11641: Use after free in Bluetooth
* CVE-2026-11642: Use after free in Web Apps
* CVE-2026-11643: Use after free in Proxy
* CVE-2026-11644: Use after free in Views
* CVE-2026-11645: Out of bounds memory access in V8
* CVE-2026-11646: Use after free in ViewTransitions
* CVE-2026-11647: Use after free in Printing
* CVE-2026-11648: Use after free in FullScreen
* CVE-2026-11649: Use after free in V8
* CVE-2026-11650: Use after free in V8
* CVE-2026-11651: Use after free in Network
* CVE-2026-11652: Use after free in Extensions
* CVE-2026-11653: Insufficient validation of untrusted input in Extensions
* CVE-2026-11654: Use after free in CameraCapture
* CVE-2026-11655: Integer overflow in Media
* CVE-2026-11656: Use after free in ServiceWorker
* CVE-2026-11657: Use after free in Payments
* CVE-2026-11658: Insufficient validation of untrusted input in Extensions
* CVE-2026-11659: Insufficient validation of untrusted input in UI
* CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-11661: Use after free in Views
* CVE-2026-11662: Type Confusion in Bindings
* CVE-2026-11663: Use after free in Skia
* CVE-2026-11664: Use after free in Payments
* CVE-2026-11665: Out of bounds read in Dawn
* CVE-2026-11666: Insufficient validation of untrusted input in Input
* CVE-2026-11667: Out of bounds read in WebRTC
* CVE-2026-11668: Uninitialized Use in Codecs
* CVE-2026-11669: Integer overflow in Media
* CVE-2026-11670: Use after free in PDF
* CVE-2026-11671: Use after free in Navigation
* CVE-2026-11672: Out of bounds write in GPU
* CVE-2026-11673: Use after free in InterestGroups
* CVE-2026-11674: Use after free in Guest View
* CVE-2026-11675: Insufficient validation of untrusted input in Skia
* CVE-2026-11676: Insufficient validation of untrusted input in Dawn
* CVE-2026-11677: Race in Network
* CVE-2026-11678: Integer overflow in libyuv
* CVE-2026-11679: Use after free in Codecs
* CVE-2026-11680: Use after free in Media
* CVE-2026-11681: Use after free in Ozone
* CVE-2026-11682: Insufficient validation of untrusted input in Views
* CVE-2026-11683: Use after free in WebCodecs
* CVE-2026-11684: Insufficient policy enforcement in Network
* CVE-2026-11685: Insufficient data validation in MediaCapture
* CVE-2026-11686: Insufficient validation of untrusted input in Dawn
* CVE-2026-11687: Use after free in Dawn
* CVE-2026-11688: Object lifecycle issue in SVG
* CVE-2026-11689: Insufficient validation of untrusted input in Passwords
* CVE-2026-11690: Out of bounds read and write in Media
* CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-11692: Use after free in Read Anything
* CVE-2026-11693: Inappropriate implementation in Plugins
* CVE-2026-11694: Use after free in ServiceWorker
* CVE-2026-11695: Inappropriate implementation in Passwords
* CVE-2026-11696: Uninitialized Use in Video
* CVE-2026-11697: Insufficient validation of untrusted input in UI
* CVE-2026-11698: Use after free in Bluetooth
* CVE-2026-11699: Use after free in Bluetooth
* CVE-2026-11700: Use after free in Tracing
* CVE-2026-11701: Insufficient validation of untrusted input in Guest View
- Refresh ppc64le patches
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483935 - Remove setuid bit from chromium-browser's chrome-sandbox (now relies on namespaces)
https://bugzilla.redhat.com/show_bug.cgi?id=2483935
[ 2 ] Bug #2486052 - CVE-2026-10881 CVE-2026-10882 CVE-2026-10883 CVE-2026-10884 CVE-2026-10885 CVE-2026-10886 CVE-2026-10887 CVE-2026-10888 CVE-2026-10889 CVE-2026-10890 CVE-2026-10891 CVE-2026-10892 CVE-2026-10893 CVE-2026-10894 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2486052
[ 3 ] Bug #2487620 - CVE-2026-11628 CVE-2026-11629 CVE-2026-11630 CVE-2026-11631 CVE-2026-11632 CVE-2026-11633 CVE-2026-11634 CVE-2026-11635 CVE-2026-11636 CVE-2026-11637 CVE-2026-11638 CVE-2026-11639 CVE-2026-11640 CVE-2026-11641 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2487620
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2debc85b3c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: apptainer-1.5.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ff5370cd61
2026-06-13 01:09:32.029732+00:00
--------------------------------------------------------------------------------

Name : apptainer
Product : Fedora 44
Version : 1.5.1
Release : 1.fc44
URL : https://apptainer.org
Summary : Application and environment virtualization formerly known as Singularity
Description :
Apptainer provides functionality to make portable
containers that can be used across host environments.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.5.1. Fixes CVE-2026-48785
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 4 2026 Dave Dykstra [dwd@cern.ch] - 1.5.1
- Update to upstream 1.5.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2484859 - apptainer-1.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2484859
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ff5370cd61' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: composer-2.10.1-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9b34a78e81
2026-06-13 01:09:32.029641+00:00
--------------------------------------------------------------------------------

Name : composer
Product : Fedora 44
Version : 2.10.1
Release : 1.fc44
URL : https://getcomposer.org/
Summary : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

--------------------------------------------------------------------------------
Update Information:

Version 2.10.1 - 2026-06-04
Security: Fixed shell escaping when opening an editor (#12903)
Security: Verify backup phar signature before restoring it when using self-
update --rollback (#12918)
Fixed source-fallback also disabling fallbacks to dist install when source is
the preferred install method (#12888)
Fixed source -> dist package updates wiping the .git dir without checking for
local changes first (#12912)
Fixed GitHub token prompt happening multiple times on parallel auth failures
(#12913)
Fixed warnings from Composer repositories being printed twice in some cases
(#12907)
Version 2.10.0
Read the Composer 2.10 Release Announcement for more details on the release
highlights.
Full Changelog
BC Break / Security: Disabled automatic fallback to source checkout if dist/zip
install fails, we have introduced a new source-fallback config option as a
temporary way to restore the old behavior, but if you need this talk to us as we
plan to remove it entirely in 2.11 (#12885)
BC Break: Minor break for audit consumers, the exit code is now always 0
(success) or 1 if anything failed the audit (#12881)
Security: Added dependency policies to block package versions where malware was
detected on update/install or report it with audit (#12786)
Security: Hardened output filtering of URLs to reduce chances of token leaks
(#12882, #12886)
Security: Fixed handling of uppercase schemes in URL validation that might have
allowed https requirement bypass (#12884)
Security: Fixed git credentials remaining in git mirror .git/config after clone
or update failed (2bcbfc3)
Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing
(5e71d77)
Security: Enforce allow-plugins even in non-interactive mode for very old
pre-2.2 lock files (#12764)
Added support for temporary --with constraints with wildcards in the package
name for the update command (#12658)
Added --strict-psr-autoloader flag to install and update commands (#12647)
Added source-fallback config option to disable or enable source fallback on
download failure (#12698)
Added --require parameter to create-project to add new packages to the project
as it gets installed (#12738)
Optimized plugin autoloading by avoiding regenerating classmaps for every
package per plugin (#12696)
Optimized PoolOptimizer memory usage (#12783)
Optimized classmap dumping performance
Deprecated most of the audit config in favor of the new policy one (#12804, see
#12786 for the RFC and upgrade docs)
Fixed update --bump-after-update to only bump packages that actually were
updated (#12733)
Fixed GitHub API authentication errors not being visible to the user (#12737)
Fixed error reporting for clarity when a constraint cannot be parsed (#12743)
Fixed warning being shown when lock file is disabled (#12760)
Fixed inconsistent treatment of SingleCommandApplication script commands wrt
autoloading (#12758)
Fixed some platform package parsing failing when Composer runs in web SAPIs
(#12735)
Fixed audit command returning a success code when the vendor dir was not present
(#12880)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 4 2026 Remi Collet [remi@remirepo.net] - 2.10.1-1
- update to 2.10.1
* Thu May 28 2026 Remi Collet [remi@remirepo.net] - 2.10.0-1
- update to 2.10.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9b34a78e81' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: chezmoi-2.70.5-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-905e9afc79
2026-06-13 01:09:32.029636+00:00
--------------------------------------------------------------------------------

Name : chezmoi
Product : Fedora 44
Version : 2.70.5
Release : 1.fc44
URL : https://github.com/twpayne/chezmoi
Summary : Manage your dotfiles across multiple diverse machines
Description :
Manage your dotfiles across multiple diverse machines, securely.

--------------------------------------------------------------------------------
Update Information:

Update to 2.70.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 4 2026 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.70.5-1
- Update to 2.70.5 - Closes rhbz#2459102
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2454534 - CVE-2026-34165 chezmoi: go-git: Denial of Service via crafted .idx file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454534
[ 2 ] Bug #2454535 - CVE-2026-33762 chezmoi: go-git: Denial of Service via crafted Git index file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454535
[ 3 ] Bug #2456013 - CVE-2026-33817 chezmoi: go.etcd.io/bbolt: Denial of Service via index out-of-range error [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2456013
[ 4 ] Bug #2458980 - CVE-2026-5160 chezmoi: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2458980
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-905e9afc79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: weasyprint-69.0-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6525541bb8
2026-06-13 01:09:32.029619+00:00
--------------------------------------------------------------------------------

Name : weasyprint
Product : Fedora 44
Version : 69.0
Release : 1.fc44
URL : https://weasyprint.org
Summary : Utility to render HTML and CSS to PDF
Description :
WeasyPrint can render HTML and CSS to PDF. It aims to support web standards
for printing.

--------------------------------------------------------------------------------
Update Information:

New upstream version which also includes a security update (CVE-2026-49452).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 4 2026 Felix Schwarz [fschwarz@fedoraproject.org] - 69.0-1
- update to 69.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483992 - weasyprint-69.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483992
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6525541bb8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: vmod-uuid-1.10-31.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2148c0e80b
2026-06-13 01:09:32.029605+00:00
--------------------------------------------------------------------------------

Name : vmod-uuid
Product : Fedora 44
Version : 1.10
Release : 31.fc44
URL : https://github.com/otto-de/libvmod-uuid
Summary : UUID module for Varnish Cache
Description :
UUID Varnish vmod used to generate a uuid, including versions 1, 3, 4 and 5
as specified in RFC 4122. See the RFC for details about the various versions.

--------------------------------------------------------------------------------
Update Information:

New upstream release varnish-8.0.2, a security release. Includes fix for
VSV00019. Dependent packages are included in this update.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2026 Ingvar Hagelund - 1.10-31
- Rebuilt for varnish-8.0.2-1
* Sun May 17 2026 Ingvar Hagelund - 1.10-30
- Rebuilt for varnish-8.0.1-1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: vmod-querystring-2.0.3-13.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2148c0e80b
2026-06-13 01:09:32.029605+00:00
--------------------------------------------------------------------------------

Name : vmod-querystring
Product : Fedora 44
Version : 2.0.3
Release : 13.fc44
URL : https://github.com/dridi/libvmod-querystring
Summary : QueryString module for Varnish Cache
Description :
The purpose of this module is to give you a fine-grained control over a URL's
query-string in Varnish Cache. It's possible to remove the query-string, clean
it, sort its parameters or filter it to only keep a subset of them.

This can greatly improve your hit ratio and efficiency with Varnish, because
by default two URLs with the same path but different query-strings are also
different. This is what the RFCs mandate but probably not what you usually
want for your web site or application.

A query-string is just a character string starting after a question mark in a
URL. But in a web context, it is usually a structured key/values store encoded
with the `application/x-www-form-urlencoded' media type. This module deals
with this kind of query-strings.

--------------------------------------------------------------------------------
Update Information:

New upstream release varnish-8.0.2, a security release. Includes fix for
VSV00019. Dependent packages are included in this update.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 2 2026 Dridi Boukelmoune [dridi@fedoraproject.org] - 2.0.3-13
- Rebuilt for varnish-8.0.2.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: collectd-5.12.0-64.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2148c0e80b
2026-06-13 01:09:32.029605+00:00
--------------------------------------------------------------------------------

Name : collectd
Product : Fedora 44
Version : 5.12.0
Release : 64.fc44
URL : https://collectd.org/
Summary : Statistics collection daemon for filling RRD files
Description :
collectd is a daemon which collects system performance statistics periodically
and provides mechanisms to store the values in a variety of ways,
for example in RRD files.

--------------------------------------------------------------------------------
Update Information:

New upstream release varnish-8.0.2, a security release. Includes fix for
VSV00019. Dependent packages are included in this update.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 1 2026 Kevin Fenzi [kevin@scrye.com] - 5.12.0-64
- Rebuild for varnish-8.0.2-1
* Thu Feb 26 2026 Remi Collet [remi@fedoraproject.org] - 5.12.0-63
- disable write_mongodb FTBFS #2440914
- disable mqtt FTBFS #2440548
* Mon Feb 2 2026 Jonathan Wright [jonathan@almalinux.org] - 5.12.0-62
- More (final) spec file updates for EPEL10
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: varnish-modules-0.27.0-4.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2148c0e80b
2026-06-13 01:09:32.029605+00:00
--------------------------------------------------------------------------------

Name : varnish-modules
Product : Fedora 44
Version : 0.27.0
Release : 4.fc44
URL : https://github.com/varnish/varnish-modules
Summary : A collection of modules ("vmods") extending Varnish VCL
Description :
This is a collection of modules ("vmods") extending Varnish VCL used
for describing HTTP request/response policies with additional
capabilities. This collection contains the following vmods:
bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey

--------------------------------------------------------------------------------
Update Information:

New upstream release varnish-8.0.2, a security release. Includes fix for
VSV00019. Dependent packages are included in this update.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2026 Ingvar Hagelund - 0.27.0-4
- Rebuilt for varnish-8.0.2
* Sun May 17 2026 Ingvar Hagelund - 0.27.0-3
- Rebuilt for varnish-8.0.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 44 Update: varnish-8.0.2-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2148c0e80b
2026-06-13 01:09:32.029605+00:00
--------------------------------------------------------------------------------

Name : varnish
Product : Fedora 44
Version : 8.0.2
Release : 1.fc44
URL : https://www.varnish-cache.org/
Summary : High-performance HTTP accelerator
Description :
This is Varnish Cache, a high-performance HTTP accelerator.

Varnish Cache stores web pages in memory so web servers don???t have to
create the same web page over and over again. Varnish Cache serves
pages much faster than any application server; giving the website a
significant speed up.

Documentation wiki and additional information about Varnish Cache is
available on: https://www.varnish-cache.org/

--------------------------------------------------------------------------------
Update Information:

New upstream release varnish-8.0.2, a security release. Includes fix for
VSV00019. Dependent packages are included in this update.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 26 2026 Ingvar Hagelund - 8.0.2-1
- New upstream release: A security release
- Includes fix for VSV00019
* Sun May 17 2026 Ingvar Hagelund - 8.0.1-1
- New upstream release: A security relase
- Includes fix for VSV00018, CVE-2026-34475
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2148c0e80b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Apache2, Kernel Base, and Image Libraries updates for Debian

.NET 8, 9, and 10 Patches Alongside Firefox ESR and krb5 updates for Oracle Linux

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...