Fedora 42 Update: kernel-6.19.14-104.fc42
Fedora 42 Update: nginx-mod-modsecurity-1.0.4-10.fc42
Fedora 42 Update: nginx-mod-naxsi-1.6-17.fc42
Fedora 42 Update: nginx-mod-vts-0.2.4-9.fc42
Fedora 42 Update: nginx-1.30.1-1.fc42
Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-9.fc42
Fedora 42 Update: nginx-mod-fancyindex-0.6.0-4.fc42
Fedora 42 Update: nginx-mod-headers-more-0.39-9.fc42
Fedora 42 Update: chromium-148.0.7778.96-1.fc42
Fedora 42 Update: uriparser-1.0.1-1.fc42
Fedora 42 Update: firefox-150.0.3-1.fc42
Fedora 43 Update: kernel-7.0.8-100.fc43
Fedora 43 Update: nginx-mod-vts-0.2.4-9.fc43
Fedora 43 Update: nginx-1.30.1-1.fc43
Fedora 43 Update: nginx-mod-modsecurity-1.0.4-10.fc43
Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43
Fedora 43 Update: nginx-mod-naxsi-1.6-17.fc43
Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-9.fc43
Fedora 43 Update: nginx-mod-headers-more-0.39-9.fc43
Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-7.fc44
Fedora 44 Update: kernel-7.0.8-200.fc44
Fedora 44 Update: nginx-mod-vts-0.2.4-9.fc44
Fedora 44 Update: nginx-mod-headers-more-0.39-9.fc44
Fedora 44 Update: nginx-mod-naxsi-1.6-17.fc44
Fedora 44 Update: nginx-1.30.1-1.fc44
Fedora 44 Update: nginx-mod-modsecurity-1.0.4-10.fc44
Fedora 44 Update: nginx-mod-fancyindex-0.6.0-4.fc44
Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-9.fc44
Fedora 44 Update: rsync-3.4.1-7.fc44
Fedora 44 Update: dnsmasq-2.92rel2-9.fc44
Fedora 44 Update: perl-Net-CIDR-Lite-0.24-1.fc44
[SECURITY] Fedora 42 Update: kernel-6.19.14-104.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8b4a8d18d2
2026-05-15 22:44:59.632858+00:00
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 42
Version : 6.19.14
Release : 104.fc42
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package
--------------------------------------------------------------------------------
Update Information:
The 6.19.14-104 kernel update contains a fix for the keysign-pwn vulnerability
CVE-2026-46333 as well as a mitigation for one more code path of fragnesia.
The 6.19.14-103 build contains an additional fix for the GRO path with
fragnesia.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2026 Justin M. Forbes [jforbes@fedoraproject.org] [6.19.14-104]
- Revert "redhat/kernel.spec.template: Fix indentation of uki-virt generation code" (Justin M. Forbes)
- Revert "redhat/kernel.spec.template: Simplify uki-virt signing" (Justin M. Forbes)
- Revert "redhat/kernel.spec.template: Add kernel-uki-dtbloader sub-package" (Justin M. Forbes)
- Revert "redhat/kernel.spec.template: Make -uki-dtbloader provide kernel-core-uname-r" (Justin M. Forbes)
* Fri May 15 2026 Justin M. Forbes [jforbes@fedoraproject.org] [6.19.14-0]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim)
- Revert v3 of the fragnesia fix. V4 covers an additional path (Justin M. Forbes)
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds)
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim)
- Revert old fragnesia fixes in favor of more complete solution (Justin M. Forbes)
- Revert old fragnesia fixes in favor of more complete solution (Justin M. Forbes)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8b4a8d18d2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-modsecurity-1.0.4-10.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38623b4fed
2026-05-15 22:44:59.632855+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-modsecurity
Product : Fedora 42
Version : 1.0.4
Release : 10.fc42
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.
The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity
--------------------------------------------------------------------------------
Update Information:
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-10
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-naxsi-1.6-17.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38623b4fed
2026-05-15 22:44:59.632855+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-naxsi
Product : Fedora 42
Version : 1.6
Release : 17.fc42
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-17
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-vts-0.2.4-9.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38623b4fed
2026-05-15 22:44:59.632855+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-vts
Product : Fedora 42
Version : 0.2.4
Release : 9.fc42
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-1.30.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38623b4fed
2026-05-15 22:44:59.632855+00:00
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 42
Version : 1.30.1
Release : 1.fc42
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.30.1-1
- update to 1.30.1
- fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-9.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38623b4fed
2026-05-15 22:44:59.632855+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-brotli
Product : Fedora 42
Version : 1.0.0~rc
Release : 9.fc42
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.6.0-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38623b4fed
2026-05-15 22:44:59.632855+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-fancyindex
Product : Fedora 42
Version : 0.6.0
Release : 4.fc42
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:
* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.6.0-4
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-headers-more-0.39-9.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-38623b4fed
2026-05-15 22:44:59.632855+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-headers-more
Product : Fedora 42
Version : 0.39
Release : 9.fc42
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.
This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: chromium-148.0.7778.96-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-67a2a7275d
2026-05-15 22:44:59.632850+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 42
Version : 148.0.7778.96
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 148.0.7778.96
CVE-2026-7896: Integer overflow in Blink
CVE-2026-7897: Use after free in Mobile
CVE-2026-7898: Use after free in Chromoting
CVE-2026-7899: Out of bounds read and write in V8
CVE-2026-7900: Heap buffer overflow in ANGLE
CVE-2026-7901: Use after free in ANGLE
CVE-2026-7902: Out of bounds memory access in V8
CVE-2026-7903: Integer overflow in ANGLE
CVE-2026-7904: Out of bounds read in Fonts
CVE-2026-7905: Insufficient validation of untrusted input in Media
CVE-2026-7906: Use after free in SVG
CVE-2026-7907: Use after free in DOM
CVE-2026-7908: Use after free in Fullscreen
CVE-2026-7909: Inappropriate implementation in ServiceWorker
CVE-2026-7910: Use after free in Views
CVE-2026-7911: Use after free in Aura
CVE-2026-7912: Integer overflow in GPU
CVE-2026-7913: Insufficient policy enforcement in DevTools
CVE-2026-7914: Type Confusion in Accessibility
CVE-2026-7915: Insufficient data validation in DevTools
CVE-2026-7916: Insufficient data validation in InterestGroups
CVE-2026-7917: Use after free in Fullscreen
CVE-2026-7918: Use after free in GPU
CVE-2026-7919: Use after free in Aura
CVE-2026-7920: Use after free in Skia
CVE-2026-7921: Use after free in Passwords
CVE-2026-7922: Use after free in ServiceWorker
CVE-2026-7923: Out of bounds write in Skia
CVE-2026-7924: Uninitialized Use in Dawn
CVE-2026-7925: Use after free in Chromoting
CVE-2026-7926: Use after free in PresentationAPI
CVE-2026-7927: Type Confusion in Runtime
CVE-2026-7928: Use after free in WebRTC
CVE-2026-7929: Use after free in MediaRecording
CVE-2026-7930: Insufficient validation of untrusted input in Cookies
CVE-2026-7931: Insufficient validation of untrusted input in iOS
CVE-2026-7932: Insufficient policy enforcement in Downloads
CVE-2026-7933: Out of bounds read in WebCodecs
CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker
CVE-2026-7935: Inappropriate implementation in Speech
CVE-2026-7936: Object lifecycle issue in V8
CVE-2026-7937: Insufficient policy enforcement in DevTools
CVE-2026-7938: Use after free in CSS
CVE-2026-7939: Inappropriate implementation in SanitizerAPI
CVE-2026-7940: Use after free in V8
CVE-2026-7941: Insufficient validation of untrusted input in Mobile
CVE-2026-7942: Integer overflow in ANGLE
CVE-2026-7943: Insufficient validation of untrusted input in ANGLE
CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache
CVE-2026-7945: Insufficient validation of untrusted input in COOP
CVE-2026-7946: Insufficient policy enforcement in WebUI
CVE-2026-7947: Insufficient validation of untrusted input in Network
CVE-2026-7948: Race in Chromoting
CVE-2026-7949: Out of bounds read in Skia
CVE-2026-7950: Out of bounds read and write in GFX
CVE-2026-7951: Out of bounds write in WebRTC
CVE-2026-7952: Insufficient policy enforcement in Extensions
CVE-2026-7953: Insufficient validation of untrusted input in Omnibox
CVE-2026-7954: Race in Shared Storage
CVE-2026-7955: Uninitialized Use in GPU
CVE-2026-7956: Use after free in Navigation
CVE-2026-7957: Out of bounds write in Media
CVE-2026-7958: Inappropriate implementation in ServiceWorker
CVE-2026-7959: Inappropriate implementation in Navigation
CVE-2026-7960: Race in Speech
CVE-2026-7961: Insufficient validation of untrusted input in Permissions
CVE-2026-7962: Insufficient policy enforcement in DirectSockets
CVE-2026-7963: Inappropriate implementation in ServiceWorker
CVE-2026-7964: Insufficient validation of untrusted input in FileSystem
CVE-2026-7965: Insufficient validation of untrusted input in DevTools
CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation
CVE-2026-7967: Insufficient validation of untrusted input in Navigation
CVE-2026-7968: Insufficient validation of untrusted input in CORS
CVE-2026-7969: Integer overflow in Network
CVE-2026-7970: Use after free in TopChrome
CVE-2026-7971: Inappropriate implementation in ORB
CVE-2026-7972: Uninitialized Use in GPU
CVE-2026-7973: Integer overflow in Dawn
CVE-2026-7974: Use after free in Blink
CVE-2026-7975: Use after free in DevTools
CVE-2026-7976: Use after free in Views
CVE-2026-7977: Inappropriate implementation in Canvas
CVE-2026-7978: Inappropriate implementation in Companion
CVE-2026-7979: Inappropriate implementation in Media
CVE-2026-7980: Use after free in WebAudio
CVE-2026-7981: Out of bounds read in Codecs
CVE-2026-7982: Uninitialized Use in WebCodecs
CVE-2026-7983: Out of bounds read in Dawn
CVE-2026-7984: Use after free in ReadingMode
CVE-2026-7985: Use after free in GPU
CVE-2026-7986: Insufficient policy enforcement in Autofill
CVE-2026-7987: Use after free in WebRTC
CVE-2026-7988: Type Confusion in WebRTC
CVE-2026-7989: Insufficient data validation in DataTransfer
CVE-2026-7990: Insufficient validation of untrusted input in Updater
CVE-2026-7991: Use after free in UI
CVE-2026-7992: Insufficient validation of untrusted input in UI
CVE-2026-7993: Insufficient validation of untrusted input in Payments
CVE-2026-7994: Inappropriate implementation in Chromoting
CVE-2026-7995: Out of bounds read in AdFilter
CVE-2026-7996: Insufficient validation of untrusted input in SSL
CVE-2026-7997: Insufficient validation of untrusted input in Updater
CVE-2026-7998: Insufficient validation of untrusted input in Dialog
CVE-2026-7999: Inappropriate implementation in V8
CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver
CVE-2026-8001: Use after free in Printing
CVE-2026-8002: Use after free in Audio
CVE-2026-8003: Insufficient validation of untrusted input in TabGroups
CVE-2026-8004: Insufficient policy enforcement in DevTools
CVE-2026-8005: Insufficient validation of untrusted input in Cast
CVE-2026-8006: Insufficient policy enforcement in DevTools
CVE-2026-8007: Insufficient validation of untrusted input in Cast
CVE-2026-8008: Inappropriate implementation in DevTools
CVE-2026-8009: Inappropriate implementation in Cast
CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation
CVE-2026-8011: Insufficient policy enforcement in Search
CVE-2026-8012: Inappropriate implementation in MHTML
CVE-2026-8013: Insufficient validation of untrusted input in FedCM
CVE-2026-8014: Inappropriate implementation in Preload
CVE-2026-8015: Inappropriate implementation in Media
CVE-2026-8016: Use after free in WebRTC
CVE-2026-8017: Side-channel information leakage in Media
CVE-2026-8018: Insufficient policy enforcement in DevTools
CVE-2026-8019: Insufficient policy enforcement in WebApp
CVE-2026-8020: Uninitialized Use in GPU
CVE-2026-8021: Script injection in UI
CVE-2026-8022: Inappropriate implementation in MHTML
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2026 Than Ngo [than@redhat.com] - 148.0.7778.96-1
- Update to 148.0.7778.96
* CVE-2026-7896: Integer overflow in Blink
* CVE-2026-7897: Use after free in Mobile
* CVE-2026-7898: Use after free in Chromoting
* CVE-2026-7899: Out of bounds read and write in V8
* CVE-2026-7900: Heap buffer overflow in ANGLE
* CVE-2026-7901: Use after free in ANGLE
* CVE-2026-7902: Out of bounds memory access in V8
* CVE-2026-7903: Integer overflow in ANGLE
* CVE-2026-7904: Out of bounds read in Fonts
* CVE-2026-7905: Insufficient validation of untrusted input in Media
* CVE-2026-7906: Use after free in SVG
* CVE-2026-7907: Use after free in DOM
* CVE-2026-7908: Use after free in Fullscreen
* CVE-2026-7909: Inappropriate implementation in ServiceWorker
* CVE-2026-7910: Use after free in Views
* CVE-2026-7911: Use after free in Aura
* CVE-2026-7912: Integer overflow in GPU
* CVE-2026-7913: Insufficient policy enforcement in DevTools
* CVE-2026-7914: Type Confusion in Accessibility
* CVE-2026-7915: Insufficient data validation in DevTools
* CVE-2026-7916: Insufficient data validation in InterestGroups
* CVE-2026-7917: Use after free in Fullscreen
* CVE-2026-7918: Use after free in GPU
* CVE-2026-7919: Use after free in Aura
* CVE-2026-7920: Use after free in Skia
* CVE-2026-7921: Use after free in Passwords
* CVE-2026-7922: Use after free in ServiceWorker
* CVE-2026-7923: Out of bounds write in Skia
* CVE-2026-7924: Uninitialized Use in Dawn
* CVE-2026-7925: Use after free in Chromoting
* CVE-2026-7926: Use after free in PresentationAPI
* CVE-2026-7927: Type Confusion in Runtime
* CVE-2026-7928: Use after free in WebRTC
* CVE-2026-7929: Use after free in MediaRecording
* CVE-2026-7930: Insufficient validation of untrusted input in Cookies
* CVE-2026-7931: Insufficient validation of untrusted input in iOS
* CVE-2026-7932: Insufficient policy enforcement in Downloads
* CVE-2026-7933: Out of bounds read in WebCodecs
* CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker
* CVE-2026-7935: Inappropriate implementation in Speech
* CVE-2026-7936: Object lifecycle issue in V8
* CVE-2026-7937: Insufficient policy enforcement in DevTools
* CVE-2026-7938: Use after free in CSS
* CVE-2026-7939: Inappropriate implementation in SanitizerAPI
* CVE-2026-7940: Use after free in V8
* CVE-2026-7941: Insufficient validation of untrusted input in Mobile
* CVE-2026-7942: Integer overflow in ANGLE
* CVE-2026-7943: Insufficient validation of untrusted input in ANGLE
* CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache
* CVE-2026-7945: Insufficient validation of untrusted input in COOP
* CVE-2026-7946: Insufficient policy enforcement in WebUI
* CVE-2026-7947: Insufficient validation of untrusted input in Network
* CVE-2026-7948: Race in Chromoting
* CVE-2026-7949: Out of bounds read in Skia
* CVE-2026-7950: Out of bounds read and write in GFX
* CVE-2026-7951: Out of bounds write in WebRTC
* CVE-2026-7952: Insufficient policy enforcement in Extensions
* CVE-2026-7953: Insufficient validation of untrusted input in Omnibox
* CVE-2026-7954: Race in Shared Storage
* CVE-2026-7955: Uninitialized Use in GPU
* CVE-2026-7956: Use after free in Navigation
* CVE-2026-7957: Out of bounds write in Media
* CVE-2026-7958: Inappropriate implementation in ServiceWorker
* CVE-2026-7959: Inappropriate implementation in Navigation
* CVE-2026-7960: Race in Speech
* CVE-2026-7961: Insufficient validation of untrusted input in Permissions
* CVE-2026-7962: Insufficient policy enforcement in DirectSockets
* CVE-2026-7963: Inappropriate implementation in ServiceWorker
* CVE-2026-7964: Insufficient validation of untrusted input in FileSystem
* CVE-2026-7965: Insufficient validation of untrusted input in DevTools
* CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation
* CVE-2026-7967: Insufficient validation of untrusted input in Navigation
* CVE-2026-7968: Insufficient validation of untrusted input in CORS
* CVE-2026-7969: Integer overflow in Network
* CVE-2026-7970: Use after free in TopChrome
* CVE-2026-7971: Inappropriate implementation in ORB
* CVE-2026-7972: Uninitialized Use in GPU
* CVE-2026-7973: Integer overflow in Dawn
* CVE-2026-7974: Use after free in Blink
* CVE-2026-7975: Use after free in DevTools
* CVE-2026-7976: Use after free in Views
* CVE-2026-7977: Inappropriate implementation in Canvas
* CVE-2026-7978: Inappropriate implementation in Companion
* CVE-2026-7979: Inappropriate implementation in Media
* CVE-2026-7980: Use after free in WebAudio
* CVE-2026-7981: Out of bounds read in Codecs
* CVE-2026-7982: Uninitialized Use in WebCodecs
* CVE-2026-7983: Out of bounds read in Dawn
* CVE-2026-7984: Use after free in ReadingMode
* CVE-2026-7985: Use after free in GPU
* CVE-2026-7986: Insufficient policy enforcement in Autofill
* CVE-2026-7987: Use after free in WebRTC
* CVE-2026-7988: Type Confusion in WebRTC
* CVE-2026-7989: Insufficient data validation in DataTransfer
* CVE-2026-7990: Insufficient validation of untrusted input in Updater
* CVE-2026-7991: Use after free in UI
* CVE-2026-7992: Insufficient validation of untrusted input in UI
* CVE-2026-7993: Insufficient validation of untrusted input in Payments
* CVE-2026-7994: Inappropriate implementation in Chromoting
* CVE-2026-7995: Out of bounds read in AdFilter
* CVE-2026-7996: Insufficient validation of untrusted input in SSL
* CVE-2026-7997: Insufficient validation of untrusted input in Updater
* CVE-2026-7998: Insufficient validation of untrusted input in Dialog
* CVE-2026-7999: Inappropriate implementation in V8
* CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver
* CVE-2026-8001: Use after free in Printing
* CVE-2026-8002: Use after free in Audio
* CVE-2026-8003: Insufficient validation of untrusted input in TabGroups
* CVE-2026-8004: Insufficient policy enforcement in DevTools
* CVE-2026-8005: Insufficient validation of untrusted input in Cast
* CVE-2026-8006: Insufficient policy enforcement in DevTools
* CVE-2026-8007: Insufficient validation of untrusted input in Cast
* CVE-2026-8008: Inappropriate implementation in DevTools
* CVE-2026-8009: Inappropriate implementation in Cast
* CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation
* CVE-2026-8011: Insufficient policy enforcement in Search
* CVE-2026-8012: Inappropriate implementation in MHTML
* CVE-2026-8013: Insufficient validation of untrusted input in FedCM
* CVE-2026-8014: Inappropriate implementation in Preload
* CVE-2026-8015: Inappropriate implementation in Media
* CVE-2026-8016: Use after free in WebRTC
* CVE-2026-8017: Side-channel information leakage in Media
* CVE-2026-8018: Insufficient policy enforcement in DevTools
* CVE-2026-8019: Insufficient policy enforcement in WebApp
* CVE-2026-8020: Uninitialized Use in GPU
* CVE-2026-8021: Script injection in UI
* CVE-2026-8022: Inappropriate implementation in MHTML
- Remove old remoting-no-tests patch
- Remove fix_GL_native_pixmap_import_support_reset_in_GpuInit patch
- Fix build error causing by sanitizer defines in GN
- Refresh rust-enable-unstable_feature patch
- Fix build error with system rust compiler
- Fix build error causing by new clang++ options which are not supported yet
- Fix build error causing by harfbuzz library rename
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2468370 - CVE-2026-7896 CVE-2026-7897 CVE-2026-7898 CVE-2026-7899 CVE-2026-7900 CVE-2026-7901 CVE-2026-7902 CVE-2026-7903 CVE-2026-7904 CVE-2026-7905 CVE-2026-7906 CVE-2026-7907 CVE-2026-7908 CVE-2026-7909 CVE-2026-7910 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2468370
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-67a2a7275d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: uriparser-1.0.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-593d463bbf
2026-05-15 22:44:59.632843+00:00
--------------------------------------------------------------------------------
Name : uriparser
Product : Fedora 42
Version : 1.0.1
Release : 1.fc42
URL : https://uriparser.github.io/
Summary : URI parsing library - RFC 3986
Description :
Uriparser is a strictly RFC 3986 compliant URI parsing library written
in C. uriparser is cross-platform, fast, supports Unicode and is
licensed under the New BSD license.
--------------------------------------------------------------------------------
Update Information:
Update to uriparser-1.0.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2026 Sandro Mani [manisandro@gmail.com] - 1.0.1-1
- Update to 1.0.1
* Sat Jan 17 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2463210 - CVE-2026-42371 uriparser: uriparser: Denial of Service via numeric truncation with oversized URIs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2463210
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-593d463bbf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: firefox-150.0.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c62259888c
2026-05-15 22:44:59.632853+00:00
--------------------------------------------------------------------------------
Name : firefox
Product : Fedora 42
Version : 150.0.3
Release : 1.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
--------------------------------------------------------------------------------
Update Information:
New upstream release (150.0.3)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 12 2026 Martin Stransky [stransky@redhat.com] - 150.0.3-1
- Update to latest upstream (150.0.3)
* Mon May 11 2026 Martin Stransky [stransky@redhat.com] - 150.0.2-1
- Update to latest upstream (150.0.2)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c62259888c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: kernel-7.0.8-100.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-03be3dc34b
2026-05-15 21:09:28.748531+00:00
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 43
Version : 7.0.8
Release : 100.fc43
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package
--------------------------------------------------------------------------------
Update Information:
The 7.0.8 stable kernel update contains a fix for the keysign-pwn vulnerability
CVE-2026-46333 as well as a mitigation for one more code path of fragnesia.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.0.8-0]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim)
- Revert v3 of the fragnesia fixes as v4 covers an additional case (Justin M. Forbes)
- Bluetooth: btmtk: accept too short WMT FUNC_CTRL events (Pauli Virtanen)
- Linux v7.0.8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-03be3dc34b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-9.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb53cb4d67
2026-05-15 21:09:28.748523+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-vts
Product : Fedora 43
Version : 0.2.4
Release : 9.fc43
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb53cb4d67
2026-05-15 21:09:28.748523+00:00
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 43
Version : 1.30.1
Release : 1.fc43
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.30.1-1
- update to 1.30.1
- fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-10.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb53cb4d67
2026-05-15 21:09:28.748523+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-modsecurity
Product : Fedora 43
Version : 1.0.4
Release : 10.fc43
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.
The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-10
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb53cb4d67
2026-05-15 21:09:28.748523+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-fancyindex
Product : Fedora 43
Version : 0.6.0
Release : 4.fc43
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:
* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.6.0-4
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-17.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb53cb4d67
2026-05-15 21:09:28.748523+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-naxsi
Product : Fedora 43
Version : 1.6
Release : 17.fc43
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-17
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-9.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb53cb4d67
2026-05-15 21:09:28.748523+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-brotli
Product : Fedora 43
Version : 1.0.0~rc
Release : 9.fc43
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-9.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb53cb4d67
2026-05-15 21:09:28.748523+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-headers-more
Product : Fedora 43
Version : 0.39
Release : 9.fc43
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.
This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb53cb4d67' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-7.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-js-challenge
Product : Fedora 44
Version : 0^20230517.gitda6852d
Release : 7.fc44
URL : https://github.com/simon987/ngx_http_js_challenge_module
Summary : Simple JavaScript proof-of-work based access for Nginx with virtually no overhead
Description :
Simple JavaScript proof-of-work based access for Nginx with virtually no overhead.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0^20230517.gitda6852d-7
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: kernel-7.0.8-200.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2aeb7d033a
2026-05-15 20:57:10.102609+00:00
--------------------------------------------------------------------------------
Name : kernel
Product : Fedora 44
Version : 7.0.8
Release : 200.fc44
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package
--------------------------------------------------------------------------------
Update Information:
The 7.0.8 stable kernel update contains a fix for the keysign-pwn vulnerability
CVE-2026-46333 as well as a mitigation for one more code path of fragnesia.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2026 Justin M. Forbes [jforbes@fedoraproject.org] [7.0.8-0]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim)
- Revert v3 of the fragnesia fixes as v4 covers an additional case (Justin M. Forbes)
- Bluetooth: btmtk: accept too short WMT FUNC_CTRL events (Pauli Virtanen)
- Linux v7.0.8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2aeb7d033a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-9.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-vts
Product : Fedora 44
Version : 0.2.4
Release : 9.fc44
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-9.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-headers-more
Product : Fedora 44
Version : 0.39
Release : 9.fc44
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.
This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-17.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-naxsi
Product : Fedora 44
Version : 1.6
Release : 17.fc44
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-17
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-1.30.1-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 44
Version : 1.30.1
Release : 1.fc44
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.30.1-1
- update to 1.30.1
- fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-10.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-modsecurity
Product : Fedora 44
Version : 1.0.4
Release : 10.fc44
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.
The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-10
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-4.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-fancyindex
Product : Fedora 44
Version : 0.6.0
Release : 4.fc44
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:
* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 0.6.0-4
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-9.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-094eb13bb1
2026-05-15 20:57:10.102601+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-brotli
Product : Fedora 44
Version : 1.0.0~rc
Release : 9.fc44
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.30.1
nginx-mod-headers-more:
Rebuild for 1.30.1
nginx-mod-naxsi:
Rebuild for 1.30.1
nginx-mod-js-challenge:
Rebuild for 1.30.1
nginx-mod-brotli:
Rebuild for 1.30.1
nginx-mod-vts:
Rebuild for 1.30.1
nginx-mod-modsecurity:
Rebuild for 1.30.1
nginx:
update to 1.30.1
fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934,
CVE-2026-40460 and CVE-2026-40701
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-9
- Rebuild for 1.30.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2477413
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: rsync-3.4.1-7.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-75599531db
2026-05-15 20:57:10.102593+00:00
--------------------------------------------------------------------------------
Name : rsync
Product : Fedora 44
Version : 3.4.1
Release : 7.fc44
URL : https://rsync.samba.org/
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.
--------------------------------------------------------------------------------
Update Information:
Fixing various bugs from Upstream.
I did not do a rebase since the Upstream stopped supporting the rsync-patches
repo. I accepted this change in Rawhide but it changes the usage of one option
that is no longer available in rsync. This is why I avoided the rebase in older
stable branches.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2026 Michal Ruprich [mruprich@redhat.com] - 3.4.1-7
- Fix for CVE-2026-41035
- Fixing bad time in rsync logs
- Fixing regression from CVE-2024-12086 fix
- Fixing improper clearing of DISPLAY env variable
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2339145 - failed verification -- update discarded - regression from CVE fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2339145
[ 2 ] Bug #2417003 - Bad time in rsync daemon log
https://bugzilla.redhat.com/show_bug.cgi?id=2417003
[ 3 ] Bug #2459115 - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2459115
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-75599531db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 44 Update: dnsmasq-2.92rel2-9.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ac5cceec13
2026-05-15 20:57:10.102588+00:00
--------------------------------------------------------------------------------
Name : dnsmasq
Product : Fedora 44
Version : 2.92rel2
Release : 9.fc44
URL : http://www.thekelleys.org.uk/dnsmasq/
Summary : A lightweight DHCP/caching DNS server
Description :
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server.
It is designed to provide DNS and, optionally, DHCP, to a small network.
It can serve the names of local machines which are not in the global
DNS. The DHCP server integrates with the DNS server and allows machines
with DHCP-allocated addresses to appear in the DNS with names configured
either in each host or in a central configuration file. Dnsmasq supports
static and dynamic DHCP leases and BOOTP for network booting of disk-less
machines.
--------------------------------------------------------------------------------
Update Information:
Update to 2.92rel2
2.92 point release incorporating fixes for:
CVE-2026-2291
CVE-2026-4890
CVE-2026-4891
CVE-2026-4892
CVE-2026-4893
CVE-2026-5172
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 12 2026 Petr Men????k [pemensik@redhat.com] - 2.92rel2-9
- Update to 2.92rel2 (rhbz#2469245)
* Mon Apr 20 2026 Petr Men????k [pemensik@redhat.com] - 2.92-8
- Fix 1 byte extra write byte in DHCP reply (rhbz#2459196)
* Mon Feb 16 2026 Petr Men????k [pemensik@redhat.com] - 2.92-7
- Add optional build support for libasan
* Wed Feb 11 2026 Petr Men????k [] - 2.92-6
- Do not fail hard on inotify socket or watch failure
* Thu Jan 22 2026 Petr Men????k [] - 2.92-5
- Do not fail validation if signature owner name does not match (rbhz#2421820)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2459196 - CVE-2026-6507 dnsmasq: dnsmasq: Denial of Service due to out-of-bounds write in DHCP BOOTREPLY processing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2459196
[ 2 ] Bug #2469245 - dnsmasq-2.92rel2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2469245
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ac5cceec13' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 44 Update: perl-Net-CIDR-Lite-0.24-1.fc44
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6f3d2d0d82
2026-05-15 20:57:10.102582+00:00
--------------------------------------------------------------------------------
Name : perl-Net-CIDR-Lite
Product : Fedora 44
Version : 0.24
Release : 1.fc44
URL : https://metacpan.org/release/Net-CIDR-Lite
Summary : Perl extension for merging IPv4 or IPv6 CIDR addresses
Description :
Faster alternative to Net::CIDR when merging a large number of CIDR address
ranges. Works for IPv4 and IPv6 addresses.
--------------------------------------------------------------------------------
Update Information:
This update addresses some input validation issues:
Reject Unicode digits and trailing newlines in parser inputs (CVE-2026-45190)
Reject zero-padded CIDR masks (CVE-2026-45191)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2026 Paul Howarth - 0.24-1
- Update to 0.24
- Reject Unicode digits and trailing newlines in parser inputs
(CVE-2026-45190)
- Reject zero-padded CIDR masks (CVE-2026-45191)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6f3d2d0d82' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
