lighttpd-1.4.84-1.fc44
FEDORA-2026-1907dd9339
Packages in this update:
- lighttpd-1.4.84-1.fc44
1.4.84
1.4.83
Fedora Security Advisories
docker-buildkit-0.31.0-1.fc45
FEDORA-2026-c6481c190e
Packages in this update:
- docker-buildkit-0.31.0-1.fc45
Automatic update for docker-buildkit-0.31.0-1.fc45.
Changelog * Wed Jun 17 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 0.31.0-1 - Update to release v0.31.0 - Resolve CVE-2026-39829: rhbz#2489939, rhbz#2490056 - Upstream new features and fixestigervnc-1.16.2-4.fc44
FEDORA-2026-e7c97d043e
Packages in this update:
- tigervnc-1.16.2-4.fc44
Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264.
tigervnc-1.16.2-4.fc43
FEDORA-2026-ad10afa9cd
Packages in this update:
- tigervnc-1.16.2-4.fc43
Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264.
freerdp-3.27.1-1.fc44
FEDORA-2026-9c6082d92d
Packages in this update:
- freerdp-3.27.1-1.fc44
Update to 3.27.1
It fixes CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648 and CVE-2026-55827.
freerdp-3.27.1-1.fc43
FEDORA-2026-78a12ffec8
Packages in this update:
- freerdp-3.27.1-1.fc43
Update to 3.27.1
It fixes CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648 and CVE-2026-55827.
chromium-149.0.7827.155-1.fc43
FEDORA-2026-f9a0af40b2
Packages in this update:
- chromium-149.0.7827.155-1.fc43
Update to 149.0.7827.155
- CVE-2026-12437: Use after free in WebShare
- CVE-2026-12438: Inappropriate implementation in WebView
- CVE-2026-12439: Use after free in Digital Credentials
- CVE-2026-12440: Use after free in DigitalCredentials
- CVE-2026-12441: Use after free in File Input
- CVE-2026-12442: Use after free in Passwords
- CVE-2026-12443: Use after free in Web Authentication
- CVE-2026-12444: Out of bounds read in Chromoting
- CVE-2026-12445: Use after free in Extensions
- CVE-2026-12446: Insufficient data validation in Passwords
- CVE-2026-12447: Heap buffer overflow in WebRTC
- CVE-2026-12448: Inappropriate implementation in WebView
- CVE-2026-12449: Use after free in Chromoting
- CVE-2026-12450: Inappropriate implementation in Media
- CVE-2026-12451: Use after free in DigitalCredentials
- CVE-2026-12452: Use after free in Downloads
- CVE-2026-12453: Insufficient validation of untrusted input in Input
- CVE-2026-12454: Race in Safe Browsing
- CVE-2026-12455: Use after free in Tab Strip
- CVE-2026-12456: Insufficient validation of untrusted input in Extensions
- CVE-2026-12457: Insufficient data validation in Extensions
- CVE-2026-12458: Incorrect security UI in Passwords
- CVE-2026-12459: Inappropriate implementation in Serial
- CVE-2026-12460: Insufficient policy enforcement in File System Access
- CVE-2026-12461: Out of bounds read in WebRTC
- CVE-2026-12462: Use after free in Media
- CVE-2026-12463: Inappropriate implementation in Views
- CVE-2026-12464: Use after free in Browser
- CVE-2026-12465: Insufficient validation of untrusted input in Metrics
- CVE-2026-12466: Heap buffer overflow in WebRTC
- CVE-2026-12467: Use after free in Extensions
- CVE-2026-12468: Inappropriate implementation in Updater
- CVE-2026-12469: Uninitialized Use in GPU
chromium-149.0.7827.155-1.fc44
FEDORA-2026-650bd96540
Packages in this update:
- chromium-149.0.7827.155-1.fc44
Update to 149.0.7827.155
- CVE-2026-12437: Use after free in WebShare
- CVE-2026-12438: Inappropriate implementation in WebView
- CVE-2026-12439: Use after free in Digital Credentials
- CVE-2026-12440: Use after free in DigitalCredentials
- CVE-2026-12441: Use after free in File Input
- CVE-2026-12442: Use after free in Passwords
- CVE-2026-12443: Use after free in Web Authentication
- CVE-2026-12444: Out of bounds read in Chromoting
- CVE-2026-12445: Use after free in Extensions
- CVE-2026-12446: Insufficient data validation in Passwords
- CVE-2026-12447: Heap buffer overflow in WebRTC
- CVE-2026-12448: Inappropriate implementation in WebView
- CVE-2026-12449: Use after free in Chromoting
- CVE-2026-12450: Inappropriate implementation in Media
- CVE-2026-12451: Use after free in DigitalCredentials
- CVE-2026-12452: Use after free in Downloads
- CVE-2026-12453: Insufficient validation of untrusted input in Input
- CVE-2026-12454: Race in Safe Browsing
- CVE-2026-12455: Use after free in Tab Strip
- CVE-2026-12456: Insufficient validation of untrusted input in Extensions
- CVE-2026-12457: Insufficient data validation in Extensions
- CVE-2026-12458: Incorrect security UI in Passwords
- CVE-2026-12459: Inappropriate implementation in Serial
- CVE-2026-12460: Insufficient policy enforcement in File System Access
- CVE-2026-12461: Out of bounds read in WebRTC
- CVE-2026-12462: Use after free in Media
- CVE-2026-12463: Inappropriate implementation in Views
- CVE-2026-12464: Use after free in Browser
- CVE-2026-12465: Insufficient validation of untrusted input in Metrics
- CVE-2026-12466: Heap buffer overflow in WebRTC
- CVE-2026-12467: Use after free in Extensions
- CVE-2026-12468: Inappropriate implementation in Updater
- CVE-2026-12469: Uninitialized Use in GPU
pacemaker-3.0.2-3.fc43
FEDORA-2026-6a4bfb1309
Packages in this update:
- pacemaker-3.0.2-3.fc43
xdg-desktop-portal-1.22.1-1.fc44
FEDORA-2026-d8f8abf763
Packages in this update:
- xdg-desktop-portal-1.22.1-1.fc44
Update to 1.22.1
It fixes CVE-2026-55888 and CVE-2026-55889.
haveged-1.9.23-1.el8
FEDORA-EPEL-2026-0638da5c88
Packages in this update:
- haveged-1.9.23-1.el8
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.23-1.el10_2
FEDORA-EPEL-2026-6c01f75372
Packages in this update:
- haveged-1.9.23-1.el10_2
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.23-1.el10_3
FEDORA-EPEL-2026-d206fb8dbe
Packages in this update:
- haveged-1.9.23-1.el10_3
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.23-1.el9
FEDORA-EPEL-2026-50018db082
Packages in this update:
- haveged-1.9.23-1.el9
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.23-1.fc43
FEDORA-2026-afa00da304
Packages in this update:
- haveged-1.9.23-1.fc43
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
haveged-1.9.23-1.fc44
FEDORA-2026-333f3f8aba
Packages in this update:
- haveged-1.9.23-1.fc44
Update to 1.9.23 — security hardening: - Use O_EXCL with sem_open to prevent semaphore pre-planting attacks - Fix OOB memory access in safein()/safeout() on socket errors - Reject command socket connections from different user namespaces - Use O_NOFOLLOW for PID file to prevent symlink attacks - Open random device with O_CLOEXEC, restrict semaphore to 0600 - Fix stale semaphore recovery after SIGKILL - Fix compilation when NO_COMMAND_MODE is defined
nginx-1.30.3-1.fc43 nginx-mod-brotli-1.0.0~rc-11.fc43 nginx-mod-fancyindex-0.6.0-6.fc43 nginx-mod-headers-more-0.39-11.fc43 nginx-mod-modsecurity-1.0.4-12.fc43 nginx-mod-naxsi-1.6-19.fc43 nginx-mod-vts-0.2.4-11.fc43
FEDORA-2026-9d7328702e
Packages in this update:
- nginx-1.30.3-1.fc43
- nginx-mod-brotli-1.0.0~rc-11.fc43
- nginx-mod-fancyindex-0.6.0-6.fc43
- nginx-mod-headers-more-0.39-11.fc43
- nginx-mod-modsecurity-1.0.4-12.fc43
- nginx-mod-naxsi-1.6-19.fc43
- nginx-mod-vts-0.2.4-11.fc43
nginx-mod-headers-more:
- Rebuild for 1.30.3
nginx-mod-brotli:
- Rebuild for 1.30.3
nginx-mod-vts:
- Rebuild for 1.30.3
nginx-mod-modsecurity:
- Rebuild for 1.30.3
nginx-mod-fancyindex:
- Rebuild for 1.30.3
nginx-mod-naxsi:
- Rebuild for 1.30.3
nginx:
- update to 1.30.3
- fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
nginx-1.30.3-1.fc44 nginx-mod-brotli-1.0.0~rc-11.fc44 nginx-mod-fancyindex-0.6.0-6.fc44 nginx-mod-headers-more-0.39-11.fc44 nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc44 nginx-mod-modsecurity-1.0.4-12.fc44 nginx-mod-naxsi-1.6-19.fc44 nginx-mod-vts…
FEDORA-2026-b8e751787c
Packages in this update:
- nginx-1.30.3-1.fc44
- nginx-mod-brotli-1.0.0~rc-11.fc44
- nginx-mod-fancyindex-0.6.0-6.fc44
- nginx-mod-headers-more-0.39-11.fc44
- nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc44
- nginx-mod-modsecurity-1.0.4-12.fc44
- nginx-mod-naxsi-1.6-19.fc44
- nginx-mod-vts-0.2.4-11.fc44
nginx-mod-brotli:
- Rebuild for 1.30.3
nginx-mod-fancyindex:
- Rebuild for 1.30.3
nginx-mod-vts:
- Rebuild for 1.30.3
nginx-mod-modsecurity:
- Rebuild for 1.30.3
nginx-mod-headers-more:
- Rebuild for 1.30.3
nginx-mod-naxsi:
- Rebuild for 1.30.3
nginx-mod-js-challenge:
- Rebuild for 1.30.3
nginx:
- update to 1.30.3
- fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
nginx-1.30.3-1.fc45 nginx-mod-brotli-1.0.0~rc-11.fc45 nginx-mod-fancyindex-0.6.0-6.fc45 nginx-mod-headers-more-0.39-11.fc45 nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc45 nginx-mod-modsecurity-1.0.4-12.fc45 nginx-mod-naxsi-1.6-19.fc45 nginx-mod-vts…
FEDORA-2026-e212182e6e
Packages in this update:
- nginx-1.30.3-1.fc45
- nginx-mod-brotli-1.0.0~rc-11.fc45
- nginx-mod-fancyindex-0.6.0-6.fc45
- nginx-mod-headers-more-0.39-11.fc45
- nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc45
- nginx-mod-modsecurity-1.0.4-12.fc45
- nginx-mod-naxsi-1.6-19.fc45
- nginx-mod-vts-0.2.4-11.fc45
nginx-mod-brotli:
- Rebuild for 1.30.3
nginx-mod-fancyindex:
- Rebuild for 1.30.3
nginx-mod-modsecurity:
- Rebuild for 1.30.3
nginx-mod-headers-more:
- Rebuild for 1.30.3
nginx-mod-naxsi:
- Rebuild for 1.30.3
nginx-mod-js-challenge:
- Rebuild for 1.30.3
nginx-mod-vts:
- Rebuild for 1.30.3
nginx:
- update to 1.30.3
- fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142
openbao-2.5.5-1.el10_2
FEDORA-EPEL-2026-a80cc1ccf4
Packages in this update:
- openbao-2.5.5-1.el10_2
Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776.