Firefox, Exim, PuTTY, Xorg Server, and pcs updates for Fedora

Fedora Linux 9380 Published by

Fedora 43 and Fedora 44 have both received a batch of critical security updates targeting essential system packages. The release includes version upgrades for the Xorg X11 server, Mozilla Firefox, Exim mail transfer agent, PuTTY client, and the Pacemaker configuration system. Developers addressed numerous vulnerabilities across these tools, including pre-authentication data leaks in Exim and several memory corruption flaws within PuTTY. System administrators can deploy these patches immediately by running the standard DNF upgrade command with the provided advisory identifiers.

Fedora 43 Update: xorg-x11-server-21.1.23-1.fc43
Fedora 43 Update: firefox-151.0.3-1.fc43
Fedora 43 Update: exim-4.99.4-1.fc43
Fedora 43 Update: putty-0.84-1.fc43
Fedora 43 Update: pcs-0.12.2-2.fc43
Fedora 44 Update: exim-4.99.4-1.fc44
Fedora 44 Update: putty-0.84-1.fc44
Fedora 44 Update: pcs-0.12.2-2.fc44




[SECURITY] Fedora 43 Update: xorg-x11-server-21.1.23-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c3ea7d7b0e
2026-06-10 01:08:28.183015+00:00
--------------------------------------------------------------------------------

Name : xorg-x11-server
Product : Fedora 43
Version : 21.1.23
Release : 1.fc43
URL : http://www.x.org
Summary : X.Org X11 X server
Description :
X.Org X11 X server.

--------------------------------------------------------------------------------
Update Information:

Update to xserver 21.1.23, Security fixes for: ZDI-CAN-30136,
ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164,
ZDI-CAN-30165, ZDI-CAN-30168
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 2 2026 Peter Hutterer [peter.hutterer@redhat.com] - 21.1.23-1
- Update to xserver 21.1.23
Security fixes for: ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160,
ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164,
ZDI-CAN-30165, ZDI-CAN-30168
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c3ea7d7b0e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: firefox-151.0.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-91bc662689
2026-06-10 01:08:28.183020+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 43
Version : 151.0.3
Release : 1.fc43
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream release (151.0.3)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 3 2026 Martin Stransky [stransky@redhat.com] - 151.0.3-1
- Update to latest upstream (151.0.3)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-91bc662689' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: exim-4.99.4-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-71b1e9b455
2026-06-10 01:08:28.182999+00:00
--------------------------------------------------------------------------------

Name : exim
Product : Fedora 43
Version : 4.99.4
Release : 1.fc43
URL : https://www.exim.org/
Summary : The exim mail transfer agent
Description :
Exim is a message transfer agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. It is
freely available under the terms of the GNU General Public Licence. In
style it is similar to Smail 3, but its facilities are more
general. There is a great deal of flexibility in the way mail can be
routed, and there are extensive facilities for checking incoming
mail. Exim can be installed in place of sendmail, although the
configuration of exim is quite different to that of sendmail.

--------------------------------------------------------------------------------
Update Information:

This is an update fixing a pre-authentication information disclosure
(CVE-2026-48840).
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 1 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 4.99.4-1
- New version
Resolves: rhbz#2483300
Resolves: CVE-2026-48840
* Mon May 18 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 4.99.3-1
- New version
Resolves: rhbz#2476497
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483300 - exim-4.99.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483300
[ 2 ] Bug #2484718 - CVE-2026-48840 exim: Exim: Information disclosure via mishandled short payloads in proxy configurations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484718
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-71b1e9b455' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: putty-0.84-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-61f53cc218
2026-06-10 01:08:28.182994+00:00
--------------------------------------------------------------------------------

Name : putty
Product : Fedora 43
Version : 0.84
Release : 1.fc43
URL : http://www.chiark.greenend.org.uk/~sgtatham/putty/
Summary : SSH, Telnet and Rlogin client
Description :
Putty is a SSH, Telnet & Rlogin client - this time for Linux.

--------------------------------------------------------------------------------
Update Information:

This is an update fixing several security related problems in putty.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 25 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 0.84-1
- New version
Resolves: rhbz#2480724
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480724 - putty-0.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480724
[ 2 ] Bug #2481658 - CVE-2026-48850 putty: double free vulnerability in RSA KEX code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481658
[ 3 ] Bug #2481659 - CVE-2026-48851 putty: TELNET session data is marked with trust sigils after authenticating to a proxy [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481659
[ 4 ] Bug #2481662 - CVE-2026-48852 putty: assertion failure in ECDSA signature verification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481662
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-61f53cc218' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: pcs-0.12.2-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c0f7d885ee
2026-06-10 01:08:28.182950+00:00
--------------------------------------------------------------------------------

Name : pcs
Product : Fedora 43
Version : 0.12.2
Release : 2.fc43
URL : https://github.com/ClusterLabs/pcs
Summary : Pacemaker/Corosync Configuration System
Description :
pcs is a configuration tool for Corosync and Pacemaker. It permits users to
easily view, modify and create high availability clusters based on Pacemaker.
This package contains the pcs command-line utility and its server pcsd.

--------------------------------------------------------------------------------
Update Information:

Updated standalone web UI and HA Cluster Management Cockpit application to pcs-
web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
Fixed a crash when running pcs resource|stonith list
Fixed order of resources in sets when listing configuration of constraints
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 15 2026 Michal Posp????il [mpospisi@redhat.com] - 0.12.2-2
- Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
Resolves: rhbz#2454042
- Fixed a crash when running pcs resource|stonith list
Resolves: rhbz#2458608
- Fixed order of resources in sets when listing configuration of constraints
Resolves: rhbz#2461143
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2454042 - CVE-2026-4800 pcs: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454042
[ 2 ] Bug #2458608 - pcs resource list produces traceback
https://bugzilla.redhat.com/show_bug.cgi?id=2458608
[ 3 ] Bug #2461143 - pcs constraint in default text mode orders resources alphabetically
https://bugzilla.redhat.com/show_bug.cgi?id=2461143
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c0f7d885ee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: exim-4.99.4-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-78bf093219
2026-06-10 00:54:41.795265+00:00
--------------------------------------------------------------------------------

Name : exim
Product : Fedora 44
Version : 4.99.4
Release : 1.fc44
URL : https://www.exim.org/
Summary : The exim mail transfer agent
Description :
Exim is a message transfer agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. It is
freely available under the terms of the GNU General Public Licence. In
style it is similar to Smail 3, but its facilities are more
general. There is a great deal of flexibility in the way mail can be
routed, and there are extensive facilities for checking incoming
mail. Exim can be installed in place of sendmail, although the
configuration of exim is quite different to that of sendmail.

--------------------------------------------------------------------------------
Update Information:

This is an update fixing a pre-authentication information disclosure
(CVE-2026-48840).
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 1 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 4.99.4-1
- New version
Resolves: rhbz#2483300
Resolves: CVE-2026-48840
* Mon May 18 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 4.99.3-1
- New version
Resolves: rhbz#2476497
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2483300 - exim-4.99.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2483300
[ 2 ] Bug #2484718 - CVE-2026-48840 exim: Exim: Information disclosure via mishandled short payloads in proxy configurations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2484718
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-78bf093219' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: putty-0.84-1.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1ab61e6e20
2026-06-10 00:54:41.795258+00:00
--------------------------------------------------------------------------------

Name : putty
Product : Fedora 44
Version : 0.84
Release : 1.fc44
URL : http://www.chiark.greenend.org.uk/~sgtatham/putty/
Summary : SSH, Telnet and Rlogin client
Description :
Putty is a SSH, Telnet & Rlogin client - this time for Linux.

--------------------------------------------------------------------------------
Update Information:

This is an update fixing several security related problems in putty.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 25 2026 Jaroslav ??karvada [jskarvad@redhat.com] - 0.84-1
- New version
Resolves: rhbz#2480724
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2480724 - putty-0.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2480724
[ 2 ] Bug #2481658 - CVE-2026-48850 putty: double free vulnerability in RSA KEX code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481658
[ 3 ] Bug #2481659 - CVE-2026-48851 putty: TELNET session data is marked with trust sigils after authenticating to a proxy [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481659
[ 4 ] Bug #2481662 - CVE-2026-48852 putty: assertion failure in ECDSA signature verification [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2481662
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1ab61e6e20' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 44 Update: pcs-0.12.2-2.fc44


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-d420bebe72
2026-06-10 00:54:41.795203+00:00
--------------------------------------------------------------------------------

Name : pcs
Product : Fedora 44
Version : 0.12.2
Release : 2.fc44
URL : https://github.com/ClusterLabs/pcs
Summary : Pacemaker/Corosync Configuration System
Description :
pcs is a configuration tool for Corosync and Pacemaker. It permits users to
easily view, modify and create high availability clusters based on Pacemaker.
This package contains the pcs command-line utility and its server pcsd.

--------------------------------------------------------------------------------
Update Information:

Updated standalone web UI and HA Cluster Management Cockpit application to pcs-
web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
Fixed a crash when running pcs resource|stonith list
Fixed order of resources in sets when listing configuration of constraints
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 15 2026 Michal Posp????il [mpospisi@redhat.com] - 0.12.2-2
- Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md)
Resolves: rhbz#2454042
- Fixed a crash when running pcs resource|stonith list
Resolves: rhbz#2458608
- Fixed order of resources in sets when listing configuration of constraints
Resolves: rhbz#2461143
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2454042 - CVE-2026-4800 pcs: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2454042
[ 2 ] Bug #2458608 - pcs resource list produces traceback
https://bugzilla.redhat.com/show_bug.cgi?id=2458608
[ 3 ] Bug #2461143 - pcs constraint in default text mode orders resources alphabetically
https://bugzilla.redhat.com/show_bug.cgi?id=2461143
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-d420bebe72' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


OpenSSL, Poppler, Mistral, and Okular updates for Debian

Thunderbird, Firefox, Bind, Ansible Automation, and Core System Libraries updates for RHEL

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...