NAS, Chromium, Firefox, and more updates for Fedora

Fedora Linux 9348 Published 2026-05-12 08:10 by Philipp Esselbach

News

Fedora users on versions 42, 43, and 44 should apply several critical security patches to keep their systems protected. The updates bring Network Security Services and Firefox up to version 150.0.1 alongside NSS 3.122.2 across all affected releases. Chromium receives a massive security overhaul that addresses dozens of memory corruption flaws and use-after-free vulnerabilities in its core components. Meanwhile, Fedora 44 also gets Apache HTTP Server updated to 2.4.67, which fixes serious issues like arbitrary code execution through the mod_proxy_ajp module.

Fedora 43 Update: nss-3.122.2-1.fc43
Fedora 43 Update: chromium-148.0.7778.96-1.fc43
Fedora 43 Update: firefox-150.0.1-1.fc43
Fedora 42 Update: nss-3.122.2-1.fc42
Fedora 42 Update: firefox-150.0.1-1.fc42
Fedora 44 Update: firefox-150.0.1-1.fc44
Fedora 44 Update: nss-3.122.2-1.fc44
Fedora 44 Update: httpd-2.4.67-1.fc44

[SECURITY] Fedora 43 Update: nss-3.122.2-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8978a60b68
2026-05-12 01:30:53.418982+00:00
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 43
Version : 3.122.2
Release : 1.fc43
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.2
Updated to Firefox 150.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 4 2026 Frantisek Krenzelok [fkrenzel@redhat.com] - 3.122.2-1
- Update NSS to 3.122.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8978a60b68' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: chromium-148.0.7778.96-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f4e92d8d66
2026-05-12 01:30:53.418984+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 148.0.7778.96
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 148.0.7778.96
CVE-2026-7896: Integer overflow in Blink
CVE-2026-7897: Use after free in Mobile
CVE-2026-7898: Use after free in Chromoting
CVE-2026-7899: Out of bounds read and write in V8
CVE-2026-7900: Heap buffer overflow in ANGLE
CVE-2026-7901: Use after free in ANGLE
CVE-2026-7902: Out of bounds memory access in V8
CVE-2026-7903: Integer overflow in ANGLE
CVE-2026-7904: Out of bounds read in Fonts
CVE-2026-7905: Insufficient validation of untrusted input in Media
CVE-2026-7906: Use after free in SVG
CVE-2026-7907: Use after free in DOM
CVE-2026-7908: Use after free in Fullscreen
CVE-2026-7909: Inappropriate implementation in ServiceWorker
CVE-2026-7910: Use after free in Views
CVE-2026-7911: Use after free in Aura
CVE-2026-7912: Integer overflow in GPU
CVE-2026-7913: Insufficient policy enforcement in DevTools
CVE-2026-7914: Type Confusion in Accessibility
CVE-2026-7915: Insufficient data validation in DevTools
CVE-2026-7916: Insufficient data validation in InterestGroups
CVE-2026-7917: Use after free in Fullscreen
CVE-2026-7918: Use after free in GPU
CVE-2026-7919: Use after free in Aura
CVE-2026-7920: Use after free in Skia
CVE-2026-7921: Use after free in Passwords
CVE-2026-7922: Use after free in ServiceWorker
CVE-2026-7923: Out of bounds write in Skia
CVE-2026-7924: Uninitialized Use in Dawn
CVE-2026-7925: Use after free in Chromoting
CVE-2026-7926: Use after free in PresentationAPI
CVE-2026-7927: Type Confusion in Runtime
CVE-2026-7928: Use after free in WebRTC
CVE-2026-7929: Use after free in MediaRecording
CVE-2026-7930: Insufficient validation of untrusted input in Cookies
CVE-2026-7931: Insufficient validation of untrusted input in iOS
CVE-2026-7932: Insufficient policy enforcement in Downloads
CVE-2026-7933: Out of bounds read in WebCodecs
CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker
CVE-2026-7935: Inappropriate implementation in Speech
CVE-2026-7936: Object lifecycle issue in V8
CVE-2026-7937: Insufficient policy enforcement in DevTools
CVE-2026-7938: Use after free in CSS
CVE-2026-7939: Inappropriate implementation in SanitizerAPI
CVE-2026-7940: Use after free in V8
CVE-2026-7941: Insufficient validation of untrusted input in Mobile
CVE-2026-7942: Integer overflow in ANGLE
CVE-2026-7943: Insufficient validation of untrusted input in ANGLE
CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache
CVE-2026-7945: Insufficient validation of untrusted input in COOP
CVE-2026-7946: Insufficient policy enforcement in WebUI
CVE-2026-7947: Insufficient validation of untrusted input in Network
CVE-2026-7948: Race in Chromoting
CVE-2026-7949: Out of bounds read in Skia
CVE-2026-7950: Out of bounds read and write in GFX
CVE-2026-7951: Out of bounds write in WebRTC
CVE-2026-7952: Insufficient policy enforcement in Extensions
CVE-2026-7953: Insufficient validation of untrusted input in Omnibox
CVE-2026-7954: Race in Shared Storage
CVE-2026-7955: Uninitialized Use in GPU
CVE-2026-7956: Use after free in Navigation
CVE-2026-7957: Out of bounds write in Media
CVE-2026-7958: Inappropriate implementation in ServiceWorker
CVE-2026-7959: Inappropriate implementation in Navigation
CVE-2026-7960: Race in Speech
CVE-2026-7961: Insufficient validation of untrusted input in Permissions
CVE-2026-7962: Insufficient policy enforcement in DirectSockets
CVE-2026-7963: Inappropriate implementation in ServiceWorker
CVE-2026-7964: Insufficient validation of untrusted input in FileSystem
CVE-2026-7965: Insufficient validation of untrusted input in DevTools
CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation
CVE-2026-7967: Insufficient validation of untrusted input in Navigation
CVE-2026-7968: Insufficient validation of untrusted input in CORS
CVE-2026-7969: Integer overflow in Network
CVE-2026-7970: Use after free in TopChrome
CVE-2026-7971: Inappropriate implementation in ORB
CVE-2026-7972: Uninitialized Use in GPU
CVE-2026-7973: Integer overflow in Dawn
CVE-2026-7974: Use after free in Blink
CVE-2026-7975: Use after free in DevTools
CVE-2026-7976: Use after free in Views
CVE-2026-7977: Inappropriate implementation in Canvas
CVE-2026-7978: Inappropriate implementation in Companion
CVE-2026-7979: Inappropriate implementation in Media
CVE-2026-7980: Use after free in WebAudio
CVE-2026-7981: Out of bounds read in Codecs
CVE-2026-7982: Uninitialized Use in WebCodecs
CVE-2026-7983: Out of bounds read in Dawn
CVE-2026-7984: Use after free in ReadingMode
CVE-2026-7985: Use after free in GPU
CVE-2026-7986: Insufficient policy enforcement in Autofill
CVE-2026-7987: Use after free in WebRTC
CVE-2026-7988: Type Confusion in WebRTC
CVE-2026-7989: Insufficient data validation in DataTransfer
CVE-2026-7990: Insufficient validation of untrusted input in Updater
CVE-2026-7991: Use after free in UI
CVE-2026-7992: Insufficient validation of untrusted input in UI
CVE-2026-7993: Insufficient validation of untrusted input in Payments
CVE-2026-7994: Inappropriate implementation in Chromoting
CVE-2026-7995: Out of bounds read in AdFilter
CVE-2026-7996: Insufficient validation of untrusted input in SSL
CVE-2026-7997: Insufficient validation of untrusted input in Updater
CVE-2026-7998: Insufficient validation of untrusted input in Dialog
CVE-2026-7999: Inappropriate implementation in V8
CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver
CVE-2026-8001: Use after free in Printing
CVE-2026-8002: Use after free in Audio
CVE-2026-8003: Insufficient validation of untrusted input in TabGroups
CVE-2026-8004: Insufficient policy enforcement in DevTools
CVE-2026-8005: Insufficient validation of untrusted input in Cast
CVE-2026-8006: Insufficient policy enforcement in DevTools
CVE-2026-8007: Insufficient validation of untrusted input in Cast
CVE-2026-8008: Inappropriate implementation in DevTools
CVE-2026-8009: Inappropriate implementation in Cast
CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation
CVE-2026-8011: Insufficient policy enforcement in Search
CVE-2026-8012: Inappropriate implementation in MHTML
CVE-2026-8013: Insufficient validation of untrusted input in FedCM
CVE-2026-8014: Inappropriate implementation in Preload
CVE-2026-8015: Inappropriate implementation in Media
CVE-2026-8016: Use after free in WebRTC
CVE-2026-8017: Side-channel information leakage in Media
CVE-2026-8018: Insufficient policy enforcement in DevTools
CVE-2026-8019: Insufficient policy enforcement in WebApp
CVE-2026-8020: Uninitialized Use in GPU
CVE-2026-8021: Script injection in UI
CVE-2026-8022: Inappropriate implementation in MHTML
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2026 Than Ngo [than@redhat.com] - 148.0.7778.96-1
- Update to 148.0.7778.96
* CVE-2026-7896: Integer overflow in Blink
* CVE-2026-7897: Use after free in Mobile
* CVE-2026-7898: Use after free in Chromoting
* CVE-2026-7899: Out of bounds read and write in V8
* CVE-2026-7900: Heap buffer overflow in ANGLE
* CVE-2026-7901: Use after free in ANGLE
* CVE-2026-7902: Out of bounds memory access in V8
* CVE-2026-7903: Integer overflow in ANGLE
* CVE-2026-7904: Out of bounds read in Fonts
* CVE-2026-7905: Insufficient validation of untrusted input in Media
* CVE-2026-7906: Use after free in SVG
* CVE-2026-7907: Use after free in DOM
* CVE-2026-7908: Use after free in Fullscreen
* CVE-2026-7909: Inappropriate implementation in ServiceWorker
* CVE-2026-7910: Use after free in Views
* CVE-2026-7911: Use after free in Aura
* CVE-2026-7912: Integer overflow in GPU
* CVE-2026-7913: Insufficient policy enforcement in DevTools
* CVE-2026-7914: Type Confusion in Accessibility
* CVE-2026-7915: Insufficient data validation in DevTools
* CVE-2026-7916: Insufficient data validation in InterestGroups
* CVE-2026-7917: Use after free in Fullscreen
* CVE-2026-7918: Use after free in GPU
* CVE-2026-7919: Use after free in Aura
* CVE-2026-7920: Use after free in Skia
* CVE-2026-7921: Use after free in Passwords
* CVE-2026-7922: Use after free in ServiceWorker
* CVE-2026-7923: Out of bounds write in Skia
* CVE-2026-7924: Uninitialized Use in Dawn
* CVE-2026-7925: Use after free in Chromoting
* CVE-2026-7926: Use after free in PresentationAPI
* CVE-2026-7927: Type Confusion in Runtime
* CVE-2026-7928: Use after free in WebRTC
* CVE-2026-7929: Use after free in MediaRecording
* CVE-2026-7930: Insufficient validation of untrusted input in Cookies
* CVE-2026-7931: Insufficient validation of untrusted input in iOS
* CVE-2026-7932: Insufficient policy enforcement in Downloads
* CVE-2026-7933: Out of bounds read in WebCodecs
* CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker
* CVE-2026-7935: Inappropriate implementation in Speech
* CVE-2026-7936: Object lifecycle issue in V8
* CVE-2026-7937: Insufficient policy enforcement in DevTools
* CVE-2026-7938: Use after free in CSS
* CVE-2026-7939: Inappropriate implementation in SanitizerAPI
* CVE-2026-7940: Use after free in V8
* CVE-2026-7941: Insufficient validation of untrusted input in Mobile
* CVE-2026-7942: Integer overflow in ANGLE
* CVE-2026-7943: Insufficient validation of untrusted input in ANGLE
* CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache
* CVE-2026-7945: Insufficient validation of untrusted input in COOP
* CVE-2026-7946: Insufficient policy enforcement in WebUI
* CVE-2026-7947: Insufficient validation of untrusted input in Network
* CVE-2026-7948: Race in Chromoting
* CVE-2026-7949: Out of bounds read in Skia
* CVE-2026-7950: Out of bounds read and write in GFX
* CVE-2026-7951: Out of bounds write in WebRTC
* CVE-2026-7952: Insufficient policy enforcement in Extensions
* CVE-2026-7953: Insufficient validation of untrusted input in Omnibox
* CVE-2026-7954: Race in Shared Storage
* CVE-2026-7955: Uninitialized Use in GPU
* CVE-2026-7956: Use after free in Navigation
* CVE-2026-7957: Out of bounds write in Media
* CVE-2026-7958: Inappropriate implementation in ServiceWorker
* CVE-2026-7959: Inappropriate implementation in Navigation
* CVE-2026-7960: Race in Speech
* CVE-2026-7961: Insufficient validation of untrusted input in Permissions
* CVE-2026-7962: Insufficient policy enforcement in DirectSockets
* CVE-2026-7963: Inappropriate implementation in ServiceWorker
* CVE-2026-7964: Insufficient validation of untrusted input in FileSystem
* CVE-2026-7965: Insufficient validation of untrusted input in DevTools
* CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation
* CVE-2026-7967: Insufficient validation of untrusted input in Navigation
* CVE-2026-7968: Insufficient validation of untrusted input in CORS
* CVE-2026-7969: Integer overflow in Network
* CVE-2026-7970: Use after free in TopChrome
* CVE-2026-7971: Inappropriate implementation in ORB
* CVE-2026-7972: Uninitialized Use in GPU
* CVE-2026-7973: Integer overflow in Dawn
* CVE-2026-7974: Use after free in Blink
* CVE-2026-7975: Use after free in DevTools
* CVE-2026-7976: Use after free in Views
* CVE-2026-7977: Inappropriate implementation in Canvas
* CVE-2026-7978: Inappropriate implementation in Companion
* CVE-2026-7979: Inappropriate implementation in Media
* CVE-2026-7980: Use after free in WebAudio
* CVE-2026-7981: Out of bounds read in Codecs
* CVE-2026-7982: Uninitialized Use in WebCodecs
* CVE-2026-7983: Out of bounds read in Dawn
* CVE-2026-7984: Use after free in ReadingMode
* CVE-2026-7985: Use after free in GPU
* CVE-2026-7986: Insufficient policy enforcement in Autofill
* CVE-2026-7987: Use after free in WebRTC
* CVE-2026-7988: Type Confusion in WebRTC
* CVE-2026-7989: Insufficient data validation in DataTransfer
* CVE-2026-7990: Insufficient validation of untrusted input in Updater
* CVE-2026-7991: Use after free in UI
* CVE-2026-7992: Insufficient validation of untrusted input in UI
* CVE-2026-7993: Insufficient validation of untrusted input in Payments
* CVE-2026-7994: Inappropriate implementation in Chromoting
* CVE-2026-7995: Out of bounds read in AdFilter
* CVE-2026-7996: Insufficient validation of untrusted input in SSL
* CVE-2026-7997: Insufficient validation of untrusted input in Updater
* CVE-2026-7998: Insufficient validation of untrusted input in Dialog
* CVE-2026-7999: Inappropriate implementation in V8
* CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver
* CVE-2026-8001: Use after free in Printing
* CVE-2026-8002: Use after free in Audio
* CVE-2026-8003: Insufficient validation of untrusted input in TabGroups
* CVE-2026-8004: Insufficient policy enforcement in DevTools
* CVE-2026-8005: Insufficient validation of untrusted input in Cast
* CVE-2026-8006: Insufficient policy enforcement in DevTools
* CVE-2026-8007: Insufficient validation of untrusted input in Cast
* CVE-2026-8008: Inappropriate implementation in DevTools
* CVE-2026-8009: Inappropriate implementation in Cast
* CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation
* CVE-2026-8011: Insufficient policy enforcement in Search
* CVE-2026-8012: Inappropriate implementation in MHTML
* CVE-2026-8013: Insufficient validation of untrusted input in FedCM
* CVE-2026-8014: Inappropriate implementation in Preload
* CVE-2026-8015: Inappropriate implementation in Media
* CVE-2026-8016: Use after free in WebRTC
* CVE-2026-8017: Side-channel information leakage in Media
* CVE-2026-8018: Insufficient policy enforcement in DevTools
* CVE-2026-8019: Insufficient policy enforcement in WebApp
* CVE-2026-8020: Uninitialized Use in GPU
* CVE-2026-8021: Script injection in UI
* CVE-2026-8022: Inappropriate implementation in MHTML
- Remove old remoting-no-tests patch
- Remove fix_GL_native_pixmap_import_support_reset_in_GpuInit patch
- Fix build error causing by sanitizer defines in GN
- Refresh rust-enable-unstable_feature patch
- Fix build error with system rust compiler
- Fix build error causing by new clang++ options which are not supported yet
- Fix build error causing by harfbuzz library rename
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2468370 - CVE-2026-7896 CVE-2026-7897 CVE-2026-7898 CVE-2026-7899 CVE-2026-7900 CVE-2026-7901 CVE-2026-7902 CVE-2026-7903 CVE-2026-7904 CVE-2026-7905 CVE-2026-7906 CVE-2026-7907 CVE-2026-7908 CVE-2026-7909 CVE-2026-7910 ... chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2468370
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f4e92d8d66' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 43 Update: firefox-150.0.1-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8978a60b68
2026-05-12 01:30:53.418982+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 43
Version : 150.0.1
Release : 1.fc43
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.2
Updated to Firefox 150.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 4 2026 Martin Stransky [stransky@redhat.com] - 150.0.1-1
- Update to latest upstream (150.0.1)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8978a60b68' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: nss-3.122.2-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6acccc3bff
2026-05-12 01:09:45.650598+00:00
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 42
Version : 3.122.2
Release : 1.fc42
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.2
Update to Firefox 150.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 4 2026 Frantisek Krenzelok [fkrenzel@redhat.com] - 3.122.2-1
- Update NSS to 3.122.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6acccc3bff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 42 Update: firefox-150.0.1-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6acccc3bff
2026-05-12 01:09:45.650598+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 42
Version : 150.0.1
Release : 1.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.2
Update to Firefox 150.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 4 2026 Martin Stransky [stransky@redhat.com] - 150.0.1-1
- Update to latest upstream (150.0.1)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6acccc3bff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: firefox-150.0.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6bdf499f6b
2026-05-12 00:48:49.533494+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 44
Version : 150.0.1
Release : 1.fc44
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.2
Update to Firefox 150.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 4 2026 Martin Stransky [stransky@redhat.com] - 150.0.1-1
- Update to latest upstream (150.0.1)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6bdf499f6b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: nss-3.122.2-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6bdf499f6b
2026-05-12 00:48:49.533494+00:00
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 44
Version : 3.122.2
Release : 1.fc44
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.2
Update to Firefox 150.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 4 2026 Frantisek Krenzelok [fkrenzel@redhat.com] - 3.122.2-1
- Update NSS to 3.122.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6bdf499f6b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: httpd-2.4.67-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3e32c54eab
2026-05-12 00:48:49.533506+00:00
--------------------------------------------------------------------------------

Name : httpd
Product : Fedora 44
Version : 2.4.67
Release : 1.fc44
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------
Update Information:

new version 2.4.67
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 6 2026 Lubo?? Uhliarik [luhliari@redhat.com] - 2.4.67-1
- new version 2.4.67
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2464943 - httpd-2.4.67 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2464943
[ 2 ] Bug #2466956 - CVE-2026-28780 httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2466956
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3e32c54eab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Dnsmasq, Python-Authlib, Rails, P7Zip updates for Debian

Dirty Frag updates for Oracle Linux

NAS, Chromium, Firefox, and more updates for Fedora

[SECURITY] Fedora 43 Update: nss-3.122.2-1.fc43

[SECURITY] Fedora 43 Update: chromium-148.0.7778.96-1.fc43

[SECURITY] Fedora 43 Update: firefox-150.0.1-1.fc43

[SECURITY] Fedora 42 Update: nss-3.122.2-1.fc42

[SECURITY] Fedora 42 Update: firefox-150.0.1-1.fc42

[SECURITY] Fedora 44 Update: firefox-150.0.1-1.fc44

[SECURITY] Fedora 44 Update: nss-3.122.2-1.fc44

[SECURITY] Fedora 44 Update: httpd-2.4.67-1.fc44

Windows

Linux

macOS

Community