Fedora Security Advisories

• nextcloud-33.0.1-1.fc42

33.0.1 release

• nextcloud-33.0.1-1.el10_1

33.0.1 release

• calibre-9.6.0-1.fc43

Update to 9.6.0. Fixes rhbz#2452087

• calibre-9.6.0-1.fc44

Update to 9.6.0. Fixes rhbz#2452087

• webkitgtk-2.52.1-1.fc44

Update to 2.52.1:

• Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete.
• Add Sysprof marks for mouse events.
• Fix MediaSession icon for iheart.com not being displayed.
• Fix several crashes and rendering issues.
• Translation updates: Georgian.

Update to 2.52.0:

• Make text look like in other browsers by blending in linear color space.
• Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.
• Improved composition scheduling to avoid blocking waiting for tile painting.
• Improved performance of accelerated 2D canvas by recording operations for batched replay.
• Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread.
• Enabled dynamic MSAA for accelerated 2D canvas rendering.
• Improved text rendering performance
• Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out.
• Added support for the Audio Output Devices API.
• Added API to handle WebXR permission requests.
• Added API to query the immersive session status.
• Added initial API for web extensions.

2.51.93:

• Make text look like in other browsers by blending in linear color space.
• Avoid composition for non visible layers with running animations.
• Fix several crashes and rendering issues.

2.51.92:

• Fix PDF rendering broken by the accelerated 2D canvas performance improvements.
• Fix flickering while scrolling in some edge cases.
• Support for rotation and mirroring in internal WebCodecs encoder.
• System fallback font selection no longer takes style into account.
• Fix several crashes and rendering issues.

• polkit-127-2.fc44.2

CVE-2026-4897 aisle.com fix of unsanitized getline

• polkit-126-6.fc43.2

CVE-2026-4897 aisle.com fix of unsanitized getline

• polkit-126-3.fc42.2

CVE-2026-4897 aisle.com fix of unsanitized getline

• mingw-binutils-2.43.1-6.fc42

Backport fixes for multiple CVEs.

• mingw-binutils-2.45.1-2.fc43

Backport fixes for multiple CVEs.

• xen-4.19.5-1.fc42

update to xen 4.19.5

Use after free of paging structures in EPT [XSA-480, CVE-2026-23554] Xenstored DoS by unprivileged domain [XSA-481, CVE-2026-23555]

• mingw-gstreamer1-1.26.11-1.fc43
• mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc43
• mingw-gstreamer1-plugins-base-1.26.11-1.fc43
• mingw-gstreamer1-plugins-good-1.26.11-1.fc43

Update to gstreamer-1.26.11.

• mingw-gstreamer1-1.26.11-1.fc42
• mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc42
• mingw-gstreamer1-plugins-base-1.26.11-1.fc42
• mingw-gstreamer1-plugins-good-1.26.11-1.fc42

Update to gstreamer-1.26.11.

• mingw-python3-3.11.15-2.fc42

Update to python-3.11.15, backport fixes for CVE-2026-4519, CVE-2026-3644, CVE-2026-4224, CVE-2026-2297

• mingw-python3-3.11.15-2.fc44

Update to python-3.11.15, backport fixes for CVE-2026-4519, CVE-2026-3644, CVE-2026-4224, CVE-2026-2297

• mingw-python3-3.11.15-2.fc43

Update to python-3.11.15, backport fixes for CVE-2026-4519, CVE-2026-3644, CVE-2026-4224, CVE-2026-2297

• mapserver-8.4.1-3.fc43

Backport fix for CVE-2026-33721.

• mapserver-8.4.1-3.fc42

Backport fix for CVE-2026-33721.

• mapserver-8.6.1-1.fc44

Update to mapserver 8.6.1.

• mapserver-8.6.1-1.el9

Update to mapserver 8.6.1.