nextcloud-33.0.6-1.el10_2
FEDORA-EPEL-2026-32625d66b9
Packages in this update:
- nextcloud-33.0.6-1.el10_2
33.0.6 Release
Fedora Security Advisories
nextcloud-33.0.6-1.el10_3
FEDORA-EPEL-2026-ba0c05aa3d
Packages in this update:
- nextcloud-33.0.6-1.el10_3
33.0.6 Release
nextcloud-33.0.6-1.fc43
FEDORA-2026-5afe6630dc
Packages in this update:
- nextcloud-33.0.6-1.fc43
33.0.6 Release
nextcloud-33.0.6-1.fc44
FEDORA-2026-ee50c21f92
Packages in this update:
- nextcloud-33.0.6-1.fc44
33.0.6 Release
mariadb10.11-10.11.18-2.fc44
FEDORA-2026-0b7d84b1d6
Packages in this update:
- mariadb10.11-10.11.18-2.fc44
MariaDB 10.11.18
Upstream Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.18 Upstream Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/10.11/10.11.18 Fixes CVEs: CVE-2026-49261 CVE-2026-48165 CVE-2026-48163 CVE-2026-44173 CVE-2026-44172 CVE-2026-44171 CVE-2026-44170 CVE-2026-44168mariadb10.11-10.11.18-2.fc43
FEDORA-2026-efc64a64ec
Packages in this update:
- mariadb10.11-10.11.18-2.fc43
MariaDB 10.11.18
Upstream Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.18 Upstream Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/10.11/10.11.18 Fixes CVEs: CVE-2026-49261 CVE-2026-48165 CVE-2026-48163 CVE-2026-44173 CVE-2026-44172 CVE-2026-44171 CVE-2026-44170 CVE-2026-44168tmux-3.6b-5.fc44
FEDORA-2026-8a9e99315d
Packages in this update:
- tmux-3.6b-5.fc44
fix for bug 2487530 - CVE-2026-11623 tmux: tmux: Use-after-free vulnerability [fedora-all]
tmux-3.6b-6.fc43
FEDORA-2026-50308b152f
Packages in this update:
- tmux-3.6b-6.fc43
fix for bug 2487530 - CVE-2026-11623 tmux: tmux: Use-after-free vulnerability [fedora-all]
python-jupyter-server-2.20.0-1.fc43
FEDORA-2026-275d2ecbbd
Packages in this update:
- python-jupyter-server-2.20.0-1.fc43
New version fixing high-severity CVE.
python-jupyter-server-2.20.0-1.fc44
FEDORA-2026-dd1d19e58b
Packages in this update:
- python-jupyter-server-2.20.0-1.fc44
New version fixing high-severity CVE.
New version of jupyter-server fixing various security vulnerabilities.
mariadb11.8-11.8.8-1.fc43
FEDORA-2026-c39d84e105
Packages in this update:
- mariadb11.8-11.8.8-1.fc43
MariaDB 11.8.8
Upstream Release notes: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8 Upstream Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.8 Fixes CVEs: CVE-2026-49261 CVE-2026-48165 CVE-2026-48163 CVE-2026-44173 CVE-2026-44172 CVE-2026-44171 CVE-2026-44170 CVE-2026-44169 CVE-2026-44168mariadb11.8-11.8.8-3.fc44
FEDORA-2026-3fdd0e930d
Packages in this update:
- mariadb11.8-11.8.8-3.fc44
MariaDB 11.8.8
Upstream Release notes: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8 Upstream Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.8 Fixes CVEs: CVE-2026-49261 CVE-2026-48165 CVE-2026-48163 CVE-2026-44173 CVE-2026-44172 CVE-2026-44171 CVE-2026-44170 CVE-2026-44169 CVE-2026-44168nsd-4.14.3-1.fc43
FEDORA-2026-2843bb1cc8
Packages in this update:
- nsd-4.14.3-1.fc43
- Fix for CVE-2026-12244: A specially crafted SVCB RR can cause a heap overflow of up to 65509 attacker controlled bytes. Thanks to Qifan Zhang, Palo Alto Networks for the report https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt
- Fix for CVE-2026-12245: If NSD is configured with DNS over TLS, a client that performs a TLS action, closing the connection early, causes a crash and restart of the server process. An attacker can keep all children in a crash-restart loop denying DoT service. Thanks to Qifan Zhang, Palo Alto Networks for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt
- Fix for CVE-2026-12246: The RR type APL rdata address, if too large, causes out of bounds write on the stack, when the zonefile is written out. Thanks to Qifan Zhang from Palo Alto Networks, Haruki Oyama from Waseda University and zhangph for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt
- Fix for CVE-2026-12490: Secondaries authenticated by a client certificate to transfer a zone over TLS, can bypass verification by transferring over TCP. Thanks to Qifan Zhang, Palo Alto Networks for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt
nsd-4.14.3-1.fc44
FEDORA-2026-dd3a7926a3
Packages in this update:
- nsd-4.14.3-1.fc44
- Fix for CVE-2026-12244: A specially crafted SVCB RR can cause a heap overflow of up to 65509 attacker controlled bytes. Thanks to Qifan Zhang, Palo Alto Networks for the report https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt
- Fix for CVE-2026-12245: If NSD is configured with DNS over TLS, a client that performs a TLS action, closing the connection early, causes a crash and restart of the server process. An attacker can keep all children in a crash-restart loop denying DoT service. Thanks to Qifan Zhang, Palo Alto Networks for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt
- Fix for CVE-2026-12246: The RR type APL rdata address, if too large, causes out of bounds write on the stack, when the zonefile is written out. Thanks to Qifan Zhang from Palo Alto Networks, Haruki Oyama from Waseda University and zhangph for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt
- Fix for CVE-2026-12490: Secondaries authenticated by a client certificate to transfer a zone over TLS, can bypass verification by transferring over TCP. Thanks to Qifan Zhang, Palo Alto Networks for the report. https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt
python-streamlink-8.4.0-1.fc43
FEDORA-2026-4d6aae2d33
Packages in this update:
- python-streamlink-8.4.0-1.fc43
- SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH (CVE-2026-44353 / GHSA-hgqw-6m45-hw5f)
- Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH segments to the output stream without any checks (#6896)
- Fixed: --interface selection by name on macOS (#6908)
- Fixed: --interface not being applied to adapters mounted after session init (#6915)
- Updated plugins:
- goltelevision: rewritten and fixed plugin (#6916)
- twitcasting: improved ad segment filtering (#6910)
- Added: support for choosing the --interface by name on non-Windows systems, with optional prefixes, similar to curl (#6862)
- Added: support for also checking stream segments in HLSStream.parse_variant_playlist() by setting check_streams="segments" (#6878)
- Fixed: stdout/stderr streams in ProcessOutput not being fully line-buffered (#6868)
- Updated plugins:
- cdnbg: rewritten and fixed plugin (#6890)
- nicolive: added websocket reconnect attempts on HLS decryption key retrieval failure (#6871)
- soop: migrated to sooplive.com (#6876)
- telefe: rewritten and fixed plugin (#6891)
python-streamlink-8.4.0-1.fc44
FEDORA-2026-b9232006bb
Packages in this update:
- python-streamlink-8.4.0-1.fc44
- SECURITY: fixed arbitrary local file read via file:// URI in HLS and DASH (CVE-2026-44353 / GHSA-hgqw-6m45-hw5f)
- Added: --stream-passthrough-encrypted for passing through encrypted HLS/DASH segments to the output stream without any checks (#6896)
- Fixed: --interface selection by name on macOS (#6908)
- Fixed: --interface not being applied to adapters mounted after session init (#6915)
- Updated plugins:
- goltelevision: rewritten and fixed plugin (#6916)
- twitcasting: improved ad segment filtering (#6910)
- Added: support for choosing the --interface by name on non-Windows systems, with optional prefixes, similar to curl (#6862)
- Added: support for also checking stream segments in HLSStream.parse_variant_playlist() by setting check_streams="segments" (#6878)
- Fixed: stdout/stderr streams in ProcessOutput not being fully line-buffered (#6868)
- Updated plugins:
- cdnbg: rewritten and fixed plugin (#6890)
- nicolive: added websocket reconnect attempts on HLS decryption key retrieval failure (#6871)
- soop: migrated to sooplive.com (#6876)
- telefe: rewritten and fixed plugin (#6891)
chromium-149.0.7827.196-1.el10_3
FEDORA-EPEL-2026-b2d0fa716d
Packages in this update:
- chromium-149.0.7827.196-1.el10_3
149.0.7827.196 security release
* CVE-2026-13028: Use after free in WebGL * CVE-2026-13032: Use after free in WebGL * CVE-2026-13033: Out of bounds read in Blink>InterestGroups * CVE-2026-13038: Use after free in Autofill * CVE-2026-13021: Inappropriate implementation in DeviceBoundSessionCredentials * CVE-2026-13022: Inappropriate implementation in Autofill * CVE-2026-13023: Uninitialized Use in GPU * CVE-2026-13024: Insufficient validation of untrusted input in Navigation * CVE-2026-13025: Insufficient validation of untrusted input in DevTools * CVE-2026-13026: Use after free in Digital Credentials * CVE-2026-13027: Use after free in FileSystem * CVE-2026-13029: Use after free in Web Authentication * CVE-2026-13030: Uninitialized Use in GPU * CVE-2026-13031: Use after free in Blink * CVE-2026-13034: Inappropriate implementation in Passwords * CVE-2026-13035: Use after free in Bluetooth * CVE-2026-13036: Use after free in Blink * CVE-2026-13037: Use after free in WebViewchromium-149.0.7827.196-1.el9
FEDORA-EPEL-2026-262f68b5b5
Packages in this update:
- chromium-149.0.7827.196-1.el9
149.0.7827.196 security release
* CVE-2026-13028: Use after free in WebGL * CVE-2026-13032: Use after free in WebGL * CVE-2026-13033: Out of bounds read in Blink>InterestGroups * CVE-2026-13038: Use after free in Autofill * CVE-2026-13021: Inappropriate implementation in DeviceBoundSessionCredentials * CVE-2026-13022: Inappropriate implementation in Autofill * CVE-2026-13023: Uninitialized Use in GPU * CVE-2026-13024: Insufficient validation of untrusted input in Navigation * CVE-2026-13025: Insufficient validation of untrusted input in DevTools * CVE-2026-13026: Use after free in Digital Credentials * CVE-2026-13027: Use after free in FileSystem * CVE-2026-13029: Use after free in Web Authentication * CVE-2026-13030: Uninitialized Use in GPU * CVE-2026-13031: Use after free in Blink * CVE-2026-13034: Inappropriate implementation in Passwords * CVE-2026-13035: Use after free in Bluetooth * CVE-2026-13036: Use after free in Blink * CVE-2026-13037: Use after free in WebViewchromium-149.0.7827.196-1.el10_2
FEDORA-EPEL-2026-b9cf5268bd
Packages in this update:
- chromium-149.0.7827.196-1.el10_2
149.0.7827.196 security release
* CVE-2026-13028: Use after free in WebGL * CVE-2026-13032: Use after free in WebGL * CVE-2026-13033: Out of bounds read in Blink>InterestGroups * CVE-2026-13038: Use after free in Autofill * CVE-2026-13021: Inappropriate implementation in DeviceBoundSessionCredentials * CVE-2026-13022: Inappropriate implementation in Autofill * CVE-2026-13023: Uninitialized Use in GPU * CVE-2026-13024: Insufficient validation of untrusted input in Navigation * CVE-2026-13025: Insufficient validation of untrusted input in DevTools * CVE-2026-13026: Use after free in Digital Credentials * CVE-2026-13027: Use after free in FileSystem * CVE-2026-13029: Use after free in Web Authentication * CVE-2026-13030: Uninitialized Use in GPU * CVE-2026-13031: Use after free in Blink * CVE-2026-13034: Inappropriate implementation in Passwords * CVE-2026-13035: Use after free in Bluetooth * CVE-2026-13036: Use after free in Blink * CVE-2026-13037: Use after free in WebViewpdns-recursor-5.4.3-1.el10_2
FEDORA-EPEL-2026-fa6af7decc
Packages in this update:
- pdns-recursor-5.4.3-1.el10_2
update to latest upstream release to fix CVEs