
Security updates have been released for Fedora Linux 42 and 43. On Fedora 42, usd receives a backported fix for CVE-2025-14439. On Fedora 43, nginx is updated to 1.28.1, which includes a security fix for CVE-2025-53859 in ngx_mail_smtp_module, and the nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-brotli, nginx-mod-vts, nginx-mod-headers-more and nginx-mod-naxsi modules are rebuilt for it.

Fedora 42 Update: usd-25.02a-5.fc42
Fedora 43 Update: nginx-mod-fancyindex-0.5.2-13.fc43
Fedora 43 Update: nginx-mod-modsecurity-1.0.4-5.fc43
Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-4.fc43
Fedora 43 Update: nginx-1.28.1-1.fc43
Fedora 43 Update: nginx-mod-vts-0.2.4-4.fc43
Fedora 43 Update: nginx-mod-headers-more-0.39-4.fc43
Fedora 43 Update: nginx-mod-naxsi-1.6-12.fc43




[SECURITY] Fedora 42 Update: usd-25.02a-5.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2e7d5d49f2
2026-01-03 01:15:48.095284+00:00
--------------------------------------------------------------------------------

Name : usd
Product : Fedora 42
Version : 25.02a
Release : 5.fc42
URL : http://www.openusd.org/
Summary : 3D VFX pipeline interchange file format
Description :
Universal Scene Description (USD) is a time-sampled scene
description for interchange between graphics applications.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-14439/GHSA-grjp-54v3-c442
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 25.02a-5
- Backport fix for CVE-2025-14439/GHSA-grjp-54v3-c442 (fix RHBZ#2422275)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2422275 - CVE-2025-14439 usd: OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2422275
[ 2 ] Bug #2424910 - CVE-2025-12839 usd: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424910
[ 3 ] Bug #2424912 - CVE-2025-12840 usd: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424912
[ 4 ] Bug #2424917 - CVE-2025-12495 usd: OpenEXR: Remote Code Execution via malicious EXR file parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424917
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2e7d5d49f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.5.2-13.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8aa169ea14
2026-01-03 00:41:36.670931+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-fancyindex
Product : Fedora 43
Version : 0.5.2
Release : 13.fc43
URL : https://github.com/aperezdc/ngx-fancyindex
Summary : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:

* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add your own CSS style rules.
* Allow choosing to sort elements by name (default),
modification time, or size; both ascending (default),
or descending.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.28.1 23 Dec 2025
*) Security: processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
*) Bugfix: in SSL certificate caching during reconfiguration.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in HTTP/3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2025 Felix Kaechele [felix@kaechele.ca] - 0.5.2-13
- Rebuild for 1.28.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-5.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8aa169ea14
2026-01-03 00:41:36.670931+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-modsecurity
Product : Fedora 43
Version : 1.0.4
Release : 5.fc43
URL : https://github.com/SpiderLabs/ModSecurity-nginx
Summary : ModSecurity v3 nginx connector
Description :
The ModSecurity-nginx connector is the connection point between nginx and
libmodsecurity (ModSecurity v3). Said another way, this project provides a
communication channel between nginx and libmodsecurity. This connector is
required to use LibModSecurity with nginx.

The ModSecurity-nginx connector takes the form of an nginx module. The module
simply serves as a layer of communication between nginx and ModSecurity.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.28.1 23 Dec 2025
*) Security: processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
*) Bugfix: in SSL certificate caching during reconfiguration.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in HTTP/3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2025 Felix Kaechele [felix@kaechele.ca] - 1.0.4-5
- Rebuild for 1.28.1
* Fri Sep 5 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 1.0.4-4
- Use pcre2-devel
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-4.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8aa169ea14
2026-01-03 00:41:36.670931+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-brotli
Product : Fedora 43
Version : 1.0.0~rc
Release : 4.fc43
URL : https://github.com/google/ngx_brotli
Summary : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.28.1 23 Dec 2025
*) Security: processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
*) Bugfix: in SSL certificate caching during reconfiguration.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in HTTP/3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2025 Felix Kaechele [felix@kaechele.ca] - 1.0.0~rc-4
- Rebuild for 1.28.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: nginx-1.28.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8aa169ea14
2026-01-03 00:41:36.670931+00:00
--------------------------------------------------------------------------------

Name : nginx
Product : Fedora 43
Version : 1.28.1
Release : 1.fc43
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.28.1 23 Dec 2025
*) Security: processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
*) Bugfix: in SSL certificate caching during reconfiguration.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in HTTP/3.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 24 2025 Felix Kaechele [felix@kaechele.ca] - 2:1.28.1-1
- update to 1.28.1
* Thu Nov 20 2025 Luboš Uhliarik [luhliari@redhat.com] - 2:1.28.0-5
- Remove 50x.html from the nginx-core package
* Tue Sep 16 2025 Luboš Uhliarik [luhliari@redhat.com] - 2:1.28.0-4
- Add tmpfiles.d rules for /var directories (bootc compatibility)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
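
Added example (not part of the Fedora or nginx notices): the Security entry above concerns the "none" authentication method of ngx_mail_smtp_module, so it helps to know whether a host's mail configuration enables that method before the update is installed. The sketch assumes the method is set with the smtp_auth directive and the authentication server with auth_http, as in the nginx documentation; audit_mail_config and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
worker_processes auto;
mail {
    auth_http 127.0.0.1:9000/auth;   # authentication server
    server {
        listen 25;
        protocol smtp;
        smtp_auth login plain none;
    }
    server {
        listen 587;
        protocol smtp;
        # smtp_auth none;  (commented out, must be ignored)
        smtp_auth login
                  plain;
    }
}
"""

# Token kinds: quoted string, comment, block/terminator punctuation, bare word.
TOKEN = re.compile(
    r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#[^\n]*|[{};]|(?:\$\{[^}\s]*\}|[^\s{};])+'''
)


def audit_mail_config(conf_text):
    """Return smtp_auth directives inside mail{} that list "none",
    plus the auth_http endpoints configured there."""
    findings = {"smtp_auth_none": [], "auth_http": []}
    blocks = []      # names of the enclosing blocks, outermost first
    directive = []   # (word, line) pairs of the directive being read
    for m in TOKEN.finditer(conf_text):
        tok = m.group(0)
        if tok.startswith("#"):
            continue                      # comment runs to end of line
        line = conf_text.count("\n", 0, m.start()) + 1
        if tok == "{":
            blocks.append(directive[0][0] if directive else "")
            directive = []
        elif tok == "}":
            if blocks:
                blocks.pop()
            directive = []
        elif tok == ";":
            if directive and blocks[:1] == ["mail"]:
                name, first_line = directive[0]
                args = [word for word, _ in directive[1:]]
                if name == "smtp_auth" and "none" in args:
                    findings["smtp_auth_none"].append((first_line, args))
                elif name == "auth_http":
                    findings["auth_http"].extend(args)
            directive = []
        else:
            if tok[0] in "\"'" and len(tok) > 1 and tok[-1] == tok[0]:
                tok = tok[1:-1]           # a quoted word counts like a bare one
            directive.append((tok, line))
    return findings


if __name__ == "__main__":
    report = audit_mail_config(SAMPLE_CONF)
    for line, methods in report["smtp_auth_none"]:
        print(f"line {line}: smtp_auth {' '.join(methods)}")
    print("auth_http endpoints:", report["auth_http"])
```

Include files are not followed, so feed the function the full dump printed by nginx -T to cover them.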



[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-4.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8aa169ea14
2026-01-03 00:41:36.670931+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-vts
Product : Fedora 43
Version : 0.2.4
Release : 4.fc43
URL : https://github.com/vozlt/nginx-module-vts
Summary : Nginx virtual host traffic status module
Description :
Nginx virtual host traffic status module.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.28.1 23 Dec 2025
*) Security: processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
*) Bugfix: in SSL certificate caching during reconfiguration.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in HTTP/3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2025 Felix Kaechele [felix@kaechele.ca] - 0.2.4-4
- Rebuild for 1.28.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: nginx-mod-headers-more-0.39-4.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8aa169ea14
2026-01-03 00:41:36.670931+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-headers-more
Product : Fedora 43
Version : 0.39
Release : 4.fc43
URL : https://github.com/openresty/headers-more-nginx-module
Summary : This module allows adding, setting, or clearing specified input/output headers
Description :
This module allows adding, setting, or clearing specified input/output headers.

This is an enhanced version of the standard headers module because it provides
more utilities like resetting or clearing "builtin headers" like Content-Type,
Content-Length, and Server.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.28.1 23 Dec 2025
*) Security: processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
*) Bugfix: in SSL certificate caching during reconfiguration.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in HTTP/3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2025 Felix Kaechele [felix@kaechele.ca] - 0.39-4
- Rebuild for 1.28.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-12.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8aa169ea14
2026-01-03 00:41:36.670931+00:00
--------------------------------------------------------------------------------

Name : nginx-mod-naxsi
Product : Fedora 43
Version : 1.6
Release : 12.fc43
URL : https://github.com/wargio/naxsi
Summary : nginx web application firewall module
Description :
naxsi is an nginx module that provides score based Web Application Firewall
(WAF) abilities in a highly granular fashion.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.28.1 23 Dec 2025
*) Security: processing of a specially crafted login/password when using
the "none" authentication method in the ngx_mail_smtp_module might
cause worker process memory disclosure to the authentication server
(CVE-2025-53859).
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" directive and "proxy_pass" with a URI were used.
*) Bugfix: in handling "Host" and ":authority" header lines with equal
values when using HTTP/2; the bug had appeared in 1.17.9.
*) Bugfix: in handling "Host" header lines with a port when using
HTTP/3.
*) Bugfix: an XCLIENT command didn't use the xtext encoding.
Thanks to Igor Morgenstern of Aisle Research.
*) Bugfix: in SSL certificate caching during reconfiguration.
*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
response header line.
*) Change: the native nginx/Windows binary release is now built using
Windows SDK 10.
*) Bugfix: nginx could not be built on NetBSD 10.0.
*) Bugfix: in HTTP/3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2025 Felix Kaechele [felix@kaechele.ca] - 1.6-12
- Rebuild for 1.28.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--