Aggregator

FEDORA-2026-5dfbb9ed69 Packages in this update:

• nix-2.31.5-1.fc43

Update description:

• update to 2.31.5: fixes GHSA-vh5x-56v6-4368
• https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407
• https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368

Version:next-20260504 (linux-next) Released:2026-05-04

FEDORA-2026-d5f140eb90 Packages in this update:

• gnutls-3.8.13-1.fc43

Update description:

Update to 3.8.13, fixes, like 13 CVEs.

FEDORA-2026-668d2793e8 Packages in this update:

• gnutls-3.8.13-1.fc44

Update description:

Update to 3.8.13, fixes, like 13 CVEs.

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files.

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40686) It was discovered that Exim incorrectly handled SPA authenticator input. An authenticated user could possibly use this issue to execute arbitrary code. (CVE-2026-40687)

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873) It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545) It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773) It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253) It was discovered that curl could leak cookies because of stale custom cookie host handling in some requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276) It was discovered that curl could leak .netrc credentials when reusing proxy connections in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6429) It was discovered that curl could leak Digest authentication state when switching proxies in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-7168)

FEDORA-2026-0f43f09cd9 Packages in this update:

• nodejs20-20.20.2-4.fc42

Update description:

Update for nodejs20

Version:7.1-rc2 (mainline) Released:2026-05-03 Source:linux-7.1-rc2.tar.gz Patch:full (incremental)

FEDORA-EPEL-2026-a9ba2c8be0 Packages in this update:

• gnuplot-6.0.4-2.el10_3

Update description:

Bump on EPEL10, fixes a security issue (rhbz#2357751)

FEDORA-2026-0f01e844c3 Packages in this update:

• SDL3_image-3.4.4-1.fc43

Update description:

Update to 3.4.4.

FEDORA-2026-992a75bea6 Packages in this update:

• SDL3_image-3.4.4-1.fc44

Update description:

Update to 3.4.4.

FEDORA-2026-2fed8dd674 Packages in this update:

• nextcloud-33.0.3-1.fc42

Update description:

33.0.3 Release

FEDORA-EPEL-2026-5039e33738 Packages in this update:

• nextcloud-33.0.3-1.el10_1

Update description:

33.0.3 Release

FEDORA-EPEL-2026-6610e2eca4 Packages in this update:

• nextcloud-33.0.3-1.el10_2

Update description:

33.0.3 Release

FEDORA-EPEL-2026-f7ea7872a6 Packages in this update:

• nextcloud-33.0.3-1.el10_3

Update description:

33.0.3 Release

FEDORA-2026-6599e30e04 Packages in this update:

• nextcloud-33.0.3-1.fc43

Update description:

33.0.3 Release