Explore top 10 tips to secure your open-source projects now. Read More
×
33.0.6 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ee50c21f92 2026-07-05 01:07:02.694223+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 44 Version : 33.0.6 Release : 1.fc44 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.6 Release -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 26 2026 Andrew Bauer - 33.0.6-1 - 33.0.6 release * Tue Jun 9 2026 Brian J. Murrell - 33.0.5-2 - Dynamically determine which .map file to update the occ upgrade command in -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486357 - nextcloud-34.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486357 [ 2 ] Bug #2486491 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486491 [ 3 ] Bug #2486496 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486496 [ 4 ] Bug #2487344 - .map file update is fragile https://bugzilla.redhat.com/show_bug.cgi?id=2487344 [ 5 ] Bug #2487477 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487477 [ 6 ] Bug #2487498 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487498 [ 7 ] Bug #2488103 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488103 [ 8 ] Bug #2488116 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488116 [ 9 ] Bug #2488118 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488118 [ 10 ] Bug #2488119 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488119 [ 11 ] Bug #2488129 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488129 [ 12 ] Bug #2488137 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488137 [ 13 ] Bug #2488146 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488146 [ 14 ] Bug #2488154 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488154 [ 15 ] Bug #2488159 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488159 [ 16 ] Bug #2488171 - CVE-2026-44487nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488171 [ 17 ] Bug #2488186 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488186 [ 18 ] Bug #2488188 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488188 [ 19 ] Bug #2488192 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488192 [ 20 ] Bug #2488196 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488196 [ 21 ] Bug #2488202 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488202 [ 22 ] Bug #2488207 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488207 [ 23 ] Bug #2488219 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488219 [ 24 ] Bug #2488224 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488224 [ 25 ] Bug #2488275 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488275 [ 26 ] Bug #2488278 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host headervalidation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488278 [ 27 ] Bug #2489107 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489107 [ 28 ] Bug #2489108 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489108 [ 29 ] Bug #2489147 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489147 [ 30 ] Bug #2489154 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489154 [ 31 ] Bug #2489164 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489164 [ 32 ] Bug #2489165 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489165 [ 33 ] Bug #2489259 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489259 [ 34 ] Bug #2489262 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489262 [ 35 ] Bug #2491652 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491652 [ 36 ] Bug #2491660 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491660 [ 37 ] Bug #2491781 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491781 [ 38 ] Bug #2491785 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491785 [ 39 ] Bug #2491789 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491789 [ 40 ] Bug #2491790 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491790 [ 41 ] Bug #2491791 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491791 [ 42 ] Bug #2491792 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491792 [ 43 ] Bug #2492891 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492891 [ 44 ] Bug #2492905 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492905 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ee50c21f92' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
33.0.6 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5afe6630dc 2026-07-05 00:49:16.510808+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.6 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.6 Release -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 26 2026 Andrew Bauer - 33.0.6-1 - 33.0.6 release * Tue Jun 9 2026 Brian J. Murrell - 33.0.5-2 - Dynamically determine which .map file to update the occ upgrade command in -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486357 - nextcloud-34.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486357 [ 2 ] Bug #2486491 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486491 [ 3 ] Bug #2486496 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486496 [ 4 ] Bug #2487344 - .map file update is fragile https://bugzilla.redhat.com/show_bug.cgi?id=2487344 [ 5 ] Bug #2487477 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487477 [ 6 ] Bug #2487498 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487498 [ 7 ] Bug #2488103 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488103 [ 8 ] Bug #2488116 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488116 [ 9 ] Bug #2488118 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488118 [ 10 ] Bug #2488119 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488119 [ 11 ] Bug #2488129 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488129 [ 12 ] Bug #2488137 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488137 [ 13 ] Bug #2488146 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488146 [ 14 ] Bug #2488154 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488154 [ 15 ] Bug #2488159 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488159 [ 16 ] Bug #2488171 - CVE-2026-44487nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488171 [ 17 ] Bug #2488186 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488186 [ 18 ] Bug #2488188 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488188 [ 19 ] Bug #2488192 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488192 [ 20 ] Bug #2488196 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488196 [ 21 ] Bug #2488202 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488202 [ 22 ] Bug #2488207 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488207 [ 23 ] Bug #2488219 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488219 [ 24 ] Bug #2488224 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488224 [ 25 ] Bug #2488275 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488275 [ 26 ] Bug #2488278 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host headervalidation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488278 [ 27 ] Bug #2489107 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489107 [ 28 ] Bug #2489108 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489108 [ 29 ] Bug #2489147 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489147 [ 30 ] Bug #2489154 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489154 [ 31 ] Bug #2489164 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489164 [ 32 ] Bug #2489165 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489165 [ 33 ] Bug #2489259 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489259 [ 34 ] Bug #2489262 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489262 [ 35 ] Bug #2491652 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491652 [ 36 ] Bug #2491660 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491660 [ 37 ] Bug #2491781 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491781 [ 38 ] Bug #2491785 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491785 [ 39 ] Bug #2491789 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491789 [ 40 ] Bug #2491790 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491790 [ 41 ] Bug #2491791 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491791 [ 42 ] Bug #2491792 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491792 [ 43 ] Bug #2492891 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492891 [ 44 ] Bug #2492905 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492905 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5afe6630dc' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
33.0.4 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-30881a5be7 2026-06-05 04:25:00.359051+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 44 Version : 33.0.4 Release : 1.fc44 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.4 Release -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Andrew Bauer - 33.0.4-1 - 33.0.4 Release RHBZ#2482794 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467998 [ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468008 [ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476733 [ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476734 [ 5 ] Bug #2482794 - nextcloud-33.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482794 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-30881a5be7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
33.0.4 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e187104307 2026-06-05 04:07:33.980039+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.4 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.4 Release -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Andrew Bauer - 33.0.4-1 - 33.0.4 Release RHBZ#2482794 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467998 [ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468008 [ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476733 [ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476734 [ 5 ] Bug #2482794 - nextcloud-33.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482794 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e187104307' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
33.0.4 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e187104307 2026-06-05 04:07:33.980039+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.4 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.4 Release -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Andrew Bauer - 33.0.4-1 - 33.0.4 Release RHBZ#2482794 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467998 [ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468008 [ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476733 [ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476734 [ 5 ] Bug #2482794 - nextcloud-33.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482794 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e187104307' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
33.0.3 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6599e30e04 2026-05-11 01:00:46.370221+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.3 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.3 Release -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Andrew Bauer - 33.0.3-1 - 33.0.3 Release RHBZ#2454311 * Sat Apr 18 2026 Andrew Bauer - 33.0.1-2 - fix cli upgrade advice -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452582 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452582 [ 2 ] Bug #2452588 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452588 [ 3 ] Bug #2452590 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452590 [ 4 ] Bug #2452593 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452593 [ 5 ] Bug #2452596 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452596 [ 6 ] Bug #2452597 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452597 [ 7 ] Bug #2452622 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452622 [ 8 ] Bug #2452631 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452631 [ 9 ] Bug #2452635 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452635 [ 10 ] Bug #2452645 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452645 [ 11 ] Bug #2452647 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452647 [ 12 ] Bug #2453984 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453984 [ 13 ] Bug #2454038 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454038 [ 14 ] Bug #2454311 - nextcloud-33.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454311 [ 15 ] Bug #2456569 - CVE-2026-39865 nextcloud: Axios: Denial of Service viaHTTP/2 session cleanup logic state corruption [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456569 [ 16 ] Bug #2456575 - CVE-2026-39865 nextcloud: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456575 [ 17 ] Bug #2457496 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457496 [ 18 ] Bug #2457502 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457502 [ 19 ] Bug #2457809 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457809 [ 20 ] Bug #2457810 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457810 [ 21 ] Bug #2457869 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457869 [ 22 ] Bug #2457875 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457875 [ 23 ] Bug #2463440 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463440 [ 24 ] Bug #2463443 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463443 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-6599e30e04' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
33.0.3 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2fed8dd674 2026-05-10 03:21:58.076217+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 42 Version : 33.0.3 Release : 1.fc42 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.3 Release -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Andrew Bauer - 33.0.3-1 - 33.0.3 Release RHBZ#2454311 * Sat Apr 18 2026 Andrew Bauer - 33.0.1-2 - fix cli upgrade advice -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452582 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452582 [ 2 ] Bug #2452588 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452588 [ 3 ] Bug #2452590 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452590 [ 4 ] Bug #2452593 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452593 [ 5 ] Bug #2452596 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452596 [ 6 ] Bug #2452597 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452597 [ 7 ] Bug #2452622 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452622 [ 8 ] Bug #2452631 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452631 [ 9 ] Bug #2452635 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452635 [ 10 ] Bug #2452645 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452645 [ 11 ] Bug #2452647 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452647 [ 12 ] Bug #2453984 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453984 [ 13 ] Bug #2454038 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454038 [ 14 ] Bug #2454311 - nextcloud-33.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454311 [ 15 ] Bug #2456569 - CVE-2026-39865 nextcloud: Axios: Denial of Service viaHTTP/2 session cleanup logic state corruption [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456569 [ 16 ] Bug #2456575 - CVE-2026-39865 nextcloud: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456575 [ 17 ] Bug #2457496 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457496 [ 18 ] Bug #2457502 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457502 [ 19 ] Bug #2457809 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457809 [ 20 ] Bug #2457810 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457810 [ 21 ] Bug #2457869 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457869 [ 22 ] Bug #2457875 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457875 [ 23 ] Bug #2463440 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463440 [ 24 ] Bug #2463443 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463443 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-2fed8dd674' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
33.0.3 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cb5661d883 2026-05-10 02:48:49.647077+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 44 Version : 33.0.3 Release : 1.fc44 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.3 Release -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Andrew Bauer - 33.0.3-1 - 33.0.3 Release RHBZ#2454311 * Sat Apr 18 2026 Andrew Bauer - 33.0.1-2 - fix cli upgrade advice -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452582 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452582 [ 2 ] Bug #2452588 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452588 [ 3 ] Bug #2452590 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452590 [ 4 ] Bug #2452593 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452593 [ 5 ] Bug #2452596 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452596 [ 6 ] Bug #2452597 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452597 [ 7 ] Bug #2452622 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452622 [ 8 ] Bug #2452631 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452631 [ 9 ] Bug #2452635 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452635 [ 10 ] Bug #2452645 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452645 [ 11 ] Bug #2452647 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452647 [ 12 ] Bug #2453984 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453984 [ 13 ] Bug #2454038 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454038 [ 14 ] Bug #2454311 - nextcloud-33.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454311 [ 15 ] Bug #2456569 - CVE-2026-39865 nextcloud: Axios: Denial of Service viaHTTP/2 session cleanup logic state corruption [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456569 [ 16 ] Bug #2456575 - CVE-2026-39865 nextcloud: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456575 [ 17 ] Bug #2457496 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457496 [ 18 ] Bug #2457502 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457502 [ 19 ] Bug #2457809 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457809 [ 20 ] Bug #2457810 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457810 [ 21 ] Bug #2457869 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457869 [ 22 ] Bug #2457875 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457875 [ 23 ] Bug #2463440 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463440 [ 24 ] Bug #2463443 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463443 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-cb5661d883' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.