Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 42 articles for you...
89

Fedora 44 Nextcloud Critical Denial Service Issues Advisory 2026-ee50c21f92

33.0.6 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ee50c21f92 2026-07-05 01:07:02.694223+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 44 Version : 33.0.6 Release : 1.fc44 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.6 Release -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 26 2026 Andrew Bauer - 33.0.6-1 - 33.0.6 release * Tue Jun 9 2026 Brian J. Murrell - 33.0.5-2 - Dynamically determine which .map file to update the occ upgrade command in -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486357 - nextcloud-34.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486357 [ 2 ] Bug #2486491 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486491 [ 3 ] Bug #2486496 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486496 [ 4 ] Bug #2487344 - .map file update is fragile https://bugzilla.redhat.com/show_bug.cgi?id=2487344 [ 5 ] Bug #2487477 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487477 [ 6 ] Bug #2487498 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487498 [ 7 ] Bug #2488103 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488103 [ 8 ] Bug #2488116 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488116 [ 9 ] Bug #2488118 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488118 [ 10 ] Bug #2488119 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488119 [ 11 ] Bug #2488129 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488129 [ 12 ] Bug #2488137 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488137 [ 13 ] Bug #2488146 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488146 [ 14 ] Bug #2488154 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488154 [ 15 ] Bug #2488159 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488159 [ 16 ] Bug #2488171 - CVE-2026-44487nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488171 [ 17 ] Bug #2488186 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488186 [ 18 ] Bug #2488188 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488188 [ 19 ] Bug #2488192 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488192 [ 20 ] Bug #2488196 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488196 [ 21 ] Bug #2488202 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488202 [ 22 ] Bug #2488207 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488207 [ 23 ] Bug #2488219 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488219 [ 24 ] Bug #2488224 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488224 [ 25 ] Bug #2488275 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488275 [ 26 ] Bug #2488278 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host headervalidation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488278 [ 27 ] Bug #2489107 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489107 [ 28 ] Bug #2489108 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489108 [ 29 ] Bug #2489147 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489147 [ 30 ] Bug #2489154 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489154 [ 31 ] Bug #2489164 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489164 [ 32 ] Bug #2489165 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489165 [ 33 ] Bug #2489259 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489259 [ 34 ] Bug #2489262 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489262 [ 35 ] Bug #2491652 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491652 [ 36 ] Bug #2491660 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491660 [ 37 ] Bug #2491781 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491781 [ 38 ] Bug #2491785 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491785 [ 39 ] Bug #2491789 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491789 [ 40 ] Bug #2491790 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491790 [ 41 ] Bug #2491791 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491791 [ 42 ] Bug #2491792 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491792 [ 43 ] Bug #2492891 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492891 [ 44 ] Bug #2492905 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492905 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ee50c21f92' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Nextcloud 33.0.6 on Fedora 44 addresses critical Denial of Service vulnerabilities requiring immediate attention for users.. Nextcloud Denial Service Fedora Security Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 04, 2026 Critical Fedora
89

Fedora 43 Nextcloud Important Denial of Service Issues Fix 2026-5afe6630dc

33.0.6 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5afe6630dc 2026-07-05 00:49:16.510808+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.6 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.6 Release -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 26 2026 Andrew Bauer - 33.0.6-1 - 33.0.6 release * Tue Jun 9 2026 Brian J. Murrell - 33.0.5-2 - Dynamically determine which .map file to update the occ upgrade command in -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486357 - nextcloud-34.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486357 [ 2 ] Bug #2486491 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486491 [ 3 ] Bug #2486496 - CVE-2026-41150 nextcloud: Mermaid: Denial of Service via specially crafted gantt charts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486496 [ 4 ] Bug #2487344 - .map file update is fragile https://bugzilla.redhat.com/show_bug.cgi?id=2487344 [ 5 ] Bug #2487477 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487477 [ 6 ] Bug #2487498 - CVE-2026-8723 nextcloud: qs: Denial of Service due to improper handling of null/undefined array elements [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2487498 [ 7 ] Bug #2488103 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488103 [ 8 ] Bug #2488116 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488116 [ 9 ] Bug #2488118 - CVE-2026-44495 nextcloud: Axios: Information disclosure due to prototype pollution vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488118 [ 10 ] Bug #2488119 - CVE-2026-44489 nextcloud: Axios: Information disclosure via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488119 [ 11 ] Bug #2488129 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488129 [ 12 ] Bug #2488137 - CVE-2026-44490 nextcloud: Axios: Information disclosure and denial of service due to prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488137 [ 13 ] Bug #2488146 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488146 [ 14 ] Bug #2488154 - CVE-2026-44488 nextcloud: Axios: Denial of Service due to unenforced request and response size limits [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488154 [ 15 ] Bug #2488159 - CVE-2026-44487 nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488159 [ 16 ] Bug #2488171 - CVE-2026-44487nextcloud: Axios: Information disclosure of proxy credentials via redirect flows [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488171 [ 17 ] Bug #2488186 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488186 [ 18 ] Bug #2488188 - CVE-2026-44494 nextcloud: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488188 [ 19 ] Bug #2488192 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488192 [ 20 ] Bug #2488196 - CVE-2026-44486 nextcloud: Axios: Information disclosure of proxy credentials via HTTP redirects [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488196 [ 21 ] Bug #2488202 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488202 [ 22 ] Bug #2488207 - CVE-2026-44496 nextcloud: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488207 [ 23 ] Bug #2488219 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488219 [ 24 ] Bug #2488224 - CVE-2026-44492 nextcloud: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488224 [ 25 ] Bug #2488275 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host header validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488275 [ 26 ] Bug #2488278 - CVE-2026-48998 nextcloud: guzzlehttp/psr7: Information disclosure via improper Host headervalidation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488278 [ 27 ] Bug #2489107 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489107 [ 28 ] Bug #2489108 - CVE-2026-49214 nextcloud: `guzzlehttp/psr7`: Request Smuggling and Cache Poisoning via HTTP Header Injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489108 [ 29 ] Bug #2489147 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489147 [ 30 ] Bug #2489154 - CVE-2026-41148 nextcloud: Mermaid: CSS injection vulnerability allows page defacement and information disclosure [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489154 [ 31 ] Bug #2489164 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489164 [ 32 ] Bug #2489165 - CVE-2026-54133 nextcloud: jmespath.php has CompilerRuntime code injection via unescaped function names [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489165 [ 33 ] Bug #2489259 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489259 [ 34 ] Bug #2489262 - CVE-2026-41149 nextcloud: Mermaid: HTML injection via classDef directive in state diagrams [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489262 [ 35 ] Bug #2491652 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491652 [ 36 ] Bug #2491660 - CVE-2026-42040 nextcloud: Axios: Incorrect null byte handling can lead to data integrity issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491660 [ 37 ] Bug #2491781 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491781 [ 38 ] Bug #2491785 - CVE-2026-55766 nextcloud: guzzlehttp/psr7: Information disclosure due to improper handling of CR/LF characters in HTTP start-line fields [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491785 [ 39 ] Bug #2491789 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491789 [ 40 ] Bug #2491790 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491790 [ 41 ] Bug #2491791 - CVE-2026-55568 nextcloud: Guzzle: Information disclosure via cleartext proxy communication [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491791 [ 42 ] Bug #2491792 - CVE-2026-55767 nextcloud: Guzzle: Cookie injection and session fixation due to improper domain validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2491792 [ 43 ] Bug #2492891 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492891 [ 44 ] Bug #2492905 - CVE-2026-42264 nextcloud: Axios: Prototype pollution allows information disclosure and request manipulation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2492905 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5afe6630dc' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . NextCloud update for Fedora 43 addressing critical security concerns, including denial of service and information disclosure.. nextcloud update, Fedora security, denial of service, information disclosure, Fedora 43. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 04, 2026 Important Fedora
89

Fedora 44 NextCloud Update Denial of Service JSON Tampering 2026-30881a5be7

33.0.4 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-30881a5be7 2026-06-05 04:25:00.359051+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 44 Version : 33.0.4 Release : 1.fc44 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.4 Release -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Andrew Bauer - 33.0.4-1 - 33.0.4 Release RHBZ#2482794 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467998 [ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468008 [ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476733 [ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476734 [ 5 ] Bug #2482794 - nextcloud-33.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482794 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-30881a5be7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . NextCloud update for Fedora 44 addresses critical denials of service and security tampering issues in version 33.0.4.. nextcloud update Fedora 44 json tampering denial of service. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Important Fedora
89

Fedora 43 nextcloud 33.0.4 Critical JSON Tampering DoS CVE-2026-42044

33.0.4 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e187104307 2026-06-05 04:07:33.980039+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.4 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.4 Release -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Andrew Bauer - 33.0.4-1 - 33.0.4 Release RHBZ#2482794 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467998 [ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468008 [ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476733 [ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476734 [ 5 ] Bug #2482794 - nextcloud-33.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482794 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e187104307' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Nextcloud 33.0.4 Release brings critical fixes for Denial of Service and JSON tampering vulnerabilities.. nextcloud security nextcloud update Fedora advisory Denial of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Critical Fedora
89

Fedora Nextcloud 33.0.4 JSON Tampering DoS Advisory 2026-e187104307

33.0.4 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e187104307 2026-06-05 04:07:33.980039+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.4 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.4 Release -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Andrew Bauer - 33.0.4-1 - 33.0.4 Release RHBZ#2482794 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467998 [ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468008 [ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476733 [ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476734 [ 5 ] Bug #2482794 - nextcloud-33.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482794 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e187104307' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Safeguard your Fedora environment with the latest Nextcloud updates addressing critical JSON tampering and DoS threats.. Nextcloud Fedora update, Denial of Service threats, JSON response tampering. . Severity: Informational. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Informational Fedora
89

Fedora 43 Nextcloud 33.0.3 Security Advisory 2026-6599e30e04 Critical RCE

33.0.3 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6599e30e04 2026-05-11 01:00:46.370221+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 43 Version : 33.0.3 Release : 1.fc43 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.3 Release -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Andrew Bauer - 33.0.3-1 - 33.0.3 Release RHBZ#2454311 * Sat Apr 18 2026 Andrew Bauer - 33.0.1-2 - fix cli upgrade advice -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452582 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452582 [ 2 ] Bug #2452588 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452588 [ 3 ] Bug #2452590 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452590 [ 4 ] Bug #2452593 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452593 [ 5 ] Bug #2452596 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452596 [ 6 ] Bug #2452597 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452597 [ 7 ] Bug #2452622 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452622 [ 8 ] Bug #2452631 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452631 [ 9 ] Bug #2452635 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452635 [ 10 ] Bug #2452645 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452645 [ 11 ] Bug #2452647 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452647 [ 12 ] Bug #2453984 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453984 [ 13 ] Bug #2454038 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454038 [ 14 ] Bug #2454311 - nextcloud-33.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454311 [ 15 ] Bug #2456569 - CVE-2026-39865 nextcloud: Axios: Denial of Service viaHTTP/2 session cleanup logic state corruption [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456569 [ 16 ] Bug #2456575 - CVE-2026-39865 nextcloud: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456575 [ 17 ] Bug #2457496 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457496 [ 18 ] Bug #2457502 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457502 [ 19 ] Bug #2457809 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457809 [ 20 ] Bug #2457810 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457810 [ 21 ] Bug #2457869 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457869 [ 22 ] Bug #2457875 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457875 [ 23 ] Bug #2463440 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463440 [ 24 ] Bug #2463443 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463443 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-6599e30e04' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Nextcloud 33.0.3 in Fedora 43 addresses critical security threats including remote code execution vulnerabilities.. Nextcloud Remote Code Execution Fedora Denial of Service XSS. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 11, 2026 Critical Fedora
89

Fedora 42 nextcloud 33.0.3 Important Remote Code Exec Vuln 2026-2fed8dd674

33.0.3 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2fed8dd674 2026-05-10 03:21:58.076217+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 42 Version : 33.0.3 Release : 1.fc42 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.3 Release -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Andrew Bauer - 33.0.3-1 - 33.0.3 Release RHBZ#2454311 * Sat Apr 18 2026 Andrew Bauer - 33.0.1-2 - fix cli upgrade advice -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452582 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452582 [ 2 ] Bug #2452588 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452588 [ 3 ] Bug #2452590 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452590 [ 4 ] Bug #2452593 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452593 [ 5 ] Bug #2452596 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452596 [ 6 ] Bug #2452597 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452597 [ 7 ] Bug #2452622 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452622 [ 8 ] Bug #2452631 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452631 [ 9 ] Bug #2452635 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452635 [ 10 ] Bug #2452645 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452645 [ 11 ] Bug #2452647 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452647 [ 12 ] Bug #2453984 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453984 [ 13 ] Bug #2454038 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454038 [ 14 ] Bug #2454311 - nextcloud-33.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454311 [ 15 ] Bug #2456569 - CVE-2026-39865 nextcloud: Axios: Denial of Service viaHTTP/2 session cleanup logic state corruption [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456569 [ 16 ] Bug #2456575 - CVE-2026-39865 nextcloud: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456575 [ 17 ] Bug #2457496 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457496 [ 18 ] Bug #2457502 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457502 [ 19 ] Bug #2457809 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457809 [ 20 ] Bug #2457810 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457810 [ 21 ] Bug #2457869 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457869 [ 22 ] Bug #2457875 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457875 [ 23 ] Bug #2463440 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463440 [ 24 ] Bug #2463443 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463443 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-2fed8dd674' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora 42 Nextcloud 33.0.3 addresses critical security risks including remote code execution.. Fedora Nextcloud Security Update, Remote Code Execution, Software Update Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 10, 2026 Important Fedora
89

Fedora 44 Nextcloud 33.0.3 Critical RCE DoS Advisory 2026-cb5661d883

33.0.3 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cb5661d883 2026-05-10 02:48:49.647077+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 44 Version : 33.0.3 Release : 1.fc44 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.3 Release -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Andrew Bauer - 33.0.3-1 - 33.0.3 Release RHBZ#2454311 * Sat Apr 18 2026 Andrew Bauer - 33.0.1-2 - fix cli upgrade advice -------------------------------------------------------------------------------- References: [ 1 ] Bug #2452582 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452582 [ 2 ] Bug #2452588 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452588 [ 3 ] Bug #2452590 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452590 [ 4 ] Bug #2452593 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452593 [ 5 ] Bug #2452596 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452596 [ 6 ] Bug #2452597 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452597 [ 7 ] Bug #2452622 - CVE-2026-33937 nextcloud: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452622 [ 8 ] Bug #2452631 - CVE-2026-33938 nextcloud: Handlebars: Arbitrary code execution via @partial-block overwrite [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452631 [ 9 ] Bug #2452635 - CVE-2026-33940 nextcloud: Handlebars.js: Arbitrary code execution via crafted template context [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452635 [ 10 ] Bug #2452645 - CVE-2026-33941 nextcloud: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452645 [ 11 ] Bug #2452647 - CVE-2026-33939 nextcloud: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2452647 [ 12 ] Bug #2453984 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453984 [ 13 ] Bug #2454038 - CVE-2026-4800 nextcloud: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454038 [ 14 ] Bug #2454311 - nextcloud-33.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2454311 [ 15 ] Bug #2456569 - CVE-2026-39865 nextcloud: Axios: Denial of Service viaHTTP/2 session cleanup logic state corruption [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456569 [ 16 ] Bug #2456575 - CVE-2026-39865 nextcloud: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456575 [ 17 ] Bug #2457496 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457496 [ 18 ] Bug #2457502 - CVE-2025-62718 nextcloud: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457502 [ 19 ] Bug #2457809 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457809 [ 20 ] Bug #2457810 - CVE-2026-40194 nextcloud: phpseclib: Information disclosure via timing attack in SSH HMAC comparison [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457810 [ 21 ] Bug #2457869 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457869 [ 22 ] Bug #2457875 - CVE-2026-40175 nextcloud: Axios: Remote Code Execution via Prototype Pollution escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457875 [ 23 ] Bug #2463440 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463440 [ 24 ] Bug #2463443 - CVE-2026-42035 nextcloud: Axios: Arbitrary HTTP header injection via prototype pollution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463443 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-cb5661d883' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Nextcloud 33.0.3 brings critical security fixes addressing remote code execution and denial of service vulnerabilities.. nextcloud security, fedora update, security advisory, code execution, denial of service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 10, 2026 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200