Fedora 42 Update: mingw-expat-2.7.4-1.fc42
Fedora 42 Update: nginx-mod-naxsi-1.6-14.fc42
Fedora 42 Update: nginx-mod-headers-more-0.39-6.fc42
Fedora 42 Update: nginx-mod-vts-0.2.4-6.fc42
Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-6.fc42
Fedora 42 Update: nginx-mod-modsecurity-1.0.4-7.fc42
Fedora 42 Update: nginx-mod-fancyindex-0.5.2-15.fc42
Fedora 42 Update: nginx-1.28.2-1.fc42
Fedora 42 Update: xen-4.19.4-2.fc42
Fedora 43 Update: mingw-expat-2.7.4-1.fc43
Fedora 43 Update: nginx-mod-naxsi-1.6-14.fc43
Fedora 43 Update: nginx-mod-vts-0.2.4-6.fc43
Fedora 43 Update: nginx-1.28.2-1.fc43
Fedora 43 Update: nginx-mod-headers-more-0.39-6.fc43
Fedora 43 Update: nginx-mod-modsecurity-1.0.4-7.fc43
Fedora 43 Update: nginx-mod-fancyindex-0.5.2-15.fc43
Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-6.fc43
[SECURITY] Fedora 42 Update: mingw-expat-2.7.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-298986b2a3
2026-02-15 01:28:07.972968+00:00
--------------------------------------------------------------------------------
Name : mingw-expat
Product : Fedora 42
Version : 2.7.4
Release : 1.fc42
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.
--------------------------------------------------------------------------------
Update Information:
Update to expat-2.7.4.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Sandro Mani [manisandro@gmail.com] - 2.7.4-1
- Update to 2.7.4
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2433616 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433616
[ 2 ] Bug #2433618 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433618
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-298986b2a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-naxsi-1.6-14.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b8cc86e5b
2026-02-15 01:28:07.972874+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-naxsi
Product : Fedora 42
Version : 1.6
Release : 14.fc42
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-14
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.6-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2436870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-headers-more-0.39-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b8cc86e5b
2026-02-15 01:28:07.972874+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-headers-more
Product : Fedora 42
Version : 0.39
Release : 6.fc42
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.
This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-6
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.39-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2436870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-vts-0.2.4-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b8cc86e5b
2026-02-15 01:28:07.972874+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-vts
Product : Fedora 42
Version : 0.2.4
Release : 6.fc42
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-6
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2436870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b8cc86e5b
2026-02-15 01:28:07.972874+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-brotli
Product : Fedora 42
Version : 1.0.0~rc
Release : 6.fc42
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-6
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.0~rc-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2436870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-modsecurity-1.0.4-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b8cc86e5b
2026-02-15 01:28:07.972874+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-modsecurity
Product : Fedora 42
Version : 1.0.4
Release : 7.fc42
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.
The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-7
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2436870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-15.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b8cc86e5b
2026-02-15 01:28:07.972874+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-fancyindex
Product : Fedora 42
Version : 0.5.2
Release : 15.fc42
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:
* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 0.5.2-15
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.2-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2436870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 42 Update: nginx-1.28.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0b8cc86e5b
2026-02-15 01:28:07.972874+00:00
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 42
Version : 1.28.2
Release : 1.fc42
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.28.2-1
- Update to 1.28.2
- fixes CVE-2026-1642
- move log directory to nginx-filesystem subpackage (PR#20)
- delete Maxim Dounin's key, it's no longer listed on the nginx website
* Wed Feb 4 2026 Nicolas Chauvet [kwizart@gmail.com] - 2:1.28.1-6
- Move log/nginx in filesystem sub-package
* Tue Jan 27 2026 Lubo?? Uhliarik [luhliari@redhat.com] - 2:1.28.1-5
- Clarify binding behavior of -t option.
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2:1.28.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2436870
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: xen-4.19.4-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e39149a8a0
2026-02-15 01:28:07.972869+00:00
--------------------------------------------------------------------------------
Name : xen
Product : Fedora 42
Version : 4.19.4
Release : 2.fc42
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
--------------------------------------------------------------------------------
Update Information:
x86: buffer overrun with shadow paging + tracing [XSA-477, CVE-2025-58150]
x86: incomplete IBPB for vCPU isolation [XSA-479, CVE-2026-23553]
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2026 Michael Young [m.a.young@durham.ac.uk] - 4.19.4-2
x86: buffer overrun with shadow paging + tracing [XSA-477, CVE-2025-58150]
(#2434045)
x86: incomplete IBPB for vCPU isolation [XSA-479, CVE-2026-23553]
(#2434047)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2434045 - CVE-2025-58150 xen: x86: buffer overrun with shadow paging + tracing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2434045
[ 2 ] Bug #2434047 - CVE-2026-23553 xen: x86: incomplete IBPB for vCPU isolation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2434047
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e39149a8a0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: mingw-expat-2.7.4-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-37324381f3
2026-02-15 01:10:21.966845+00:00
--------------------------------------------------------------------------------
Name : mingw-expat
Product : Fedora 43
Version : 2.7.4
Release : 1.fc43
URL : http://www.libexpat.org/
Summary : MinGW Windows port of expat XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.
--------------------------------------------------------------------------------
Update Information:
Update to expat-2.7.4.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 6 2026 Sandro Mani [manisandro@gmail.com] - 2.7.4-1
- Update to 2.7.4
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2433616 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2433616
[ 2 ] Bug #2433618 - CVE-2026-24515 mingw-expat: libexpat null pointer dereference [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433618
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-37324381f3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-14.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd0705c6a7
2026-02-15 01:10:21.966685+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-naxsi
Product : Fedora 43
Version : 1.6
Release : 14.fc43
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 1.6-14
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.6-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436871 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2436871
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd0705c6a7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd0705c6a7
2026-02-15 01:10:21.966685+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-vts
Product : Fedora 43
Version : 0.2.4
Release : 6.fc43
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 0.2.4-6
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436871 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2436871
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd0705c6a7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-1.28.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd0705c6a7
2026-02-15 01:10:21.966685+00:00
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 43
Version : 1.28.2
Release : 1.fc43
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 2:1.28.2-1
- Update to 1.28.2
- fixes CVE-2026-1642
- move log directory to nginx-filesystem subpackage (PR#20)
- delete Maxim Dounin's key, it's no longer listed on the nginx website
* Wed Feb 4 2026 Nicolas Chauvet [kwizart@gmail.com] - 2:1.28.1-6
- Move log/nginx in filesystem sub-package
* Tue Jan 27 2026 Lubo?? Uhliarik [luhliari@redhat.com] - 2:1.28.1-5
- Clarify binding behavior of -t option.
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2:1.28.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436871 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2436871
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd0705c6a7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd0705c6a7
2026-02-15 01:10:21.966685+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-headers-more
Product : Fedora 43
Version : 0.39
Release : 6.fc43
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.
This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 0.39-6
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.39-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436871 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2436871
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd0705c6a7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-7.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd0705c6a7
2026-02-15 01:10:21.966685+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-modsecurity
Product : Fedora 43
Version : 1.0.4
Release : 7.fc43
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.
The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity
--------------------------------------------------------------------------------
Update Information:
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.4-7
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436871 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2436871
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd0705c6a7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.5.2-15.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd0705c6a7
2026-02-15 01:10:21.966685+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-fancyindex
Product : Fedora 43
Version : 0.5.2
Release : 15.fc43
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:
* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add you own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 0.5.2-15
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 0.5.2-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436871 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2436871
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd0705c6a7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-6.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-cd0705c6a7
2026-02-15 01:10:21.966685+00:00
--------------------------------------------------------------------------------
Name : nginx-mod-brotli
Product : Fedora 43
Version : 1.0.0~rc
Release : 6.fc43
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.
--------------------------------------------------------------------------------
Update Information:
nginx-mod-naxsi:
Rebuild for 1.28.2
nginx-mod-brotli:
Rebuild for 1.28.2
nginx-mod-fancyindex:
Rebuild for 1.28.2
nginx-mod-modsecurity:
Rebuild for 1.28.2
nginx-mod-headers-more:
Rebuild for 1.28.2
nginx-mod-vts:
Rebuild for 1.28.2
nginx:
Update to 1.28.2
fixes CVE-2026-1642
move log directory to nginx-filesystem subpackage (PR#20)
delete Maxim Dounin's key, it's no longer listed on the nginx website
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2026 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-6
- Rebuild for 1.28.2
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.0~rc-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2436871 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2436871
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-cd0705c6a7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
