
Fedora has published two security advisories for different releases. The first updates Nextcloud to version 33.0.1 on Fedora 42 and addresses multiple vulnerabilities. The second updates Calibre to version 9.6.0 on Fedora 43, fixing a server-side request forgery and a path traversal flaw. Both updates are installed with the dnf command-line program, and all packages are signed with the Fedora Project GPG key.

Fedora 42 Update: nextcloud-33.0.1-1.fc42
Fedora 43 Update: calibre-9.6.0-1.fc43




[SECURITY] Fedora 42 Update: nextcloud-33.0.1-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ca43aa006f
2026-04-07 01:10:18.296597+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 42
Version : 33.0.1
Release : 1.fc42
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

33.0.1 release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 29 2026 Andrew Bauer [zonexpertconsulting@outlook.com] - 33.0.1-1
- 33.0.1 release RHBZ#2451773
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2439538 - CVE-2026-2391 nextcloud: qs's arrayLimit bypass in comma parsing allows denial of service [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2439538
[ 2 ] Bug #2439563 - CVE-2026-2391 nextcloud: qs's arrayLimit bypass in comma parsing allows denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2439563
[ 3 ] Bug #2439579 - CVE-2026-2391 nextcloud: qs's arrayLimit bypass in comma parsing allows denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2439579
[ 4 ] Bug #2446240 - CVE-2026-30964 nextcloud: web-auth/webauthn-lib: Origin validation bypass due to host component reduction [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446240
[ 5 ] Bug #2446242 - CVE-2026-30964 nextcloud: web-auth/webauthn-lib: Origin validation bypass due to host component reduction [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2446242
[ 6 ] Bug #2449631 - CVE-2026-32935 nextcloud: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449631
[ 7 ] Bug #2449632 - CVE-2026-32935 nextcloud: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2449632
[ 8 ] Bug #2449635 - CVE-2026-32935 nextcloud: phpseclib: Information disclosure via padding oracle timing attack when using AES in CBC mode [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2449635
[ 9 ] Bug #2451773 - nextcloud-33.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2451773
[ 10 ] Bug #2452573 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ca43aa006f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new



[SECURITY] Fedora 43 Update: calibre-9.6.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9cc418c23e
2026-04-07 00:49:46.037802+00:00
--------------------------------------------------------------------------------

Name : calibre
Product : Fedora 43
Version : 9.6.0
Release : 1.fc43
URL : https://calibre-ebook.com/
Summary : E-book converter and library manager
Description :
Calibre is meant to be a complete e-library solution. It includes library
management, format conversion, news feeds to ebook conversion as well as
e-book reader sync features.

Calibre is primarily an ebook cataloging program. It manages your ebook
collection for you. It is designed around the concept of the logical book,
i.e. a single entry in the database that may correspond to ebooks in several
formats. It also supports conversion to and from a dozen different ebook
formats.

Supported input formats are: MOBI, LIT, PRC, EPUB, CHM, ODT, HTML, CBR, CBZ,
RTF, TXT, PDF and LRS.

--------------------------------------------------------------------------------
Update Information:

Update to 9.6.0. Fixes rhbz#2452087
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 29 2026 Kevin Fenzi [kevin@scrye.com] - 9.6.0-1
- Update to 9.6.0. Fixes rhbz#2452087
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2452087 - calibre-9.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2452087
[ 2 ] Bug #2452379 - CVE-2026-33205 calibre: server-side request forgery in ebook viewer backend [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452379
[ 3 ] Bug #2452380 - CVE-2026-33206 calibre: path traversal allows reading arbitrary files when converting a text-based file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452380
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9cc418c23e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

