Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 92 articles for you...
89

Fedora 43 Caddy Important Security Update 22 CVEs Advisory 2026-3dc324bd9a

Security update resolving 22 CVEs across both caddy itself and its vendored libraries.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3dc324bd9a 2026-07-02 01:07:29.332017+00:00 -------------------------------------------------------------------------------- Name : caddy Product : Fedora 43 Version : 2.10.2 Release : 9.fc43 URL : https://caddyserver.com Summary : Web server with automatic HTTPS Description : Caddy is an extensible server platform that uses TLS by default. -------------------------------------------------------------------------------- Update Information: Security update resolving 22 CVEs across both caddy itself and its vendored libraries. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Carl George - 2.10.2-9 - Port to new golang packaging guidelines - Backport upstream fix for CVE-2026-27585 - Backport upstream fix for CVE-2026-27586 - Backport upstream fix for CVE-2026-27587 - Backport upstream fix for CVE-2026-27588 - Backport upstream fix for CVE-2026-27589 - Backport upstream fix for CVE-2026-27590 - Backport upstream fix for CVE-2026-30851 - Backport upstream fix for CVE-2026-30852 - Update vendored github.com/quic-go/quic-go to v0.57.0 for CVE-2025-64702 - Update vendored golang.org/x/crypto to v0.52.0 for CVE-2025-47913, CVE-2026-39828, CVE-2026-39829, and CVE-2026-39830 - Update vendored github.com/smallstep/certificates to v0.30.0 for CVE-2025-44005 and CVE-2026-40097 - Update vendored github.com/go-chi/chi/v5 to v5.2.5 for CVE-2025-69725 - Update vendored github.com/yuin/goldmark/renderer/html to v1.7.17 for CVE-2026-5160 * Mon Feb 2 2026 Maxwell G - 2.10.2-5 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering - 2.10.2-3 -Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Alejandro Sáez - 2.10.2-2 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2488094 - CVE-2026-30851 caddy: Caddy: Privilege escalation via identity injection due to unstripped client headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488094 [ 2 ] Bug #2488095 - CVE-2026-30852 caddy: Caddy: Information disclosure via double-expansion of user-controlled input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488095 [ 3 ] Bug #2488141 - CVE-2026-40097 caddy: Step CA: Denial of Service via crafted attestation key certificate [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488141 [ 4 ] Bug #2488502 - CVE-2026-27585 caddy: Caddy: Path security bypass due to unsanitized backslashes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488502 [ 5 ] Bug #2488503 - CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488503 [ 6 ] Bug #2488514 - CVE-2026-27587 caddy: Caddy: Access control bypass due to improper handling of percent-escape sequences in HTTP path matcher [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488514 [ 7 ] Bug #2488516 - CVE-2026-27588 caddy: Caddy: Access control bypass due to case-sensitive host matching [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488516 [ 8 ] Bug #2488517 - CVE-2026-27589 caddy: Caddy: Unauthorized configuration modification via cross-origin requests to the admin API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488517 [ 9 ] Bug #2488518 - CVE-2026-27590 caddy: Caddy: Remote Code Execution via FastCGI path confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488518 [ 10 ] Bug #2488572 - CVE-2025-47910 caddy: CrossOriginProtection bypass in net/http[fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488572 [ 11 ] Bug #2488575 - CVE-2025-58185 caddy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488575 [ 12 ] Bug #2488578 - CVE-2025-58188 caddy: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488578 [ 13 ] Bug #2488580 - CVE-2025-58189 caddy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488580 [ 14 ] Bug #2488582 - CVE-2025-61723 caddy: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2488582 [ 15 ] Bug #2488661 - CVE-2025-64702 caddy: quic-go HTTP/3 QPACK Header Expansion DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488661 [ 16 ] Bug #2488663 - CVE-2025-47913 caddy: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488663 [ 17 ] Bug #2488665 - CVE-2025-44005 caddy: github.com/smallstep/certificates: Authorization bypass allows unauthorized certificate creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488665 [ 18 ] Bug #2488666 - CVE-2025-69725 caddy: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488666 [ 19 ] Bug #2488667 - CVE-2026-5160 caddy: github.com/yuin/goldmark/renderer/html: Cross-site Scripting due to improper URL validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2488667 [ 20 ] Bug #2489962 - CVE-2026-39828 caddy: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489962 [ 21 ] Bug #2490067 -CVE-2026-39829 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490067 [ 22 ] Bug #2490486 - CVE-2026-39830 caddy: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3dc324bd9a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 security advisory updating Caddy addressing 22 CVEs with critical risks including DoS and information leaks.. Fedora 43, security advisory, Caddy update, CVE patching, web server security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Critical Fedora
89

Fedora 44 Nginx Update 1.30.3 Important CVE Fixes FEDORA-2026-b8e751787c

nginx-mod-brotli: Rebuild for 1.30.3 nginx-mod-fancyindex: Rebuild for 1.30.3 nginx-mod-vts:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8e751787c 2026-06-27 01:10:00.374795+00:00 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 44 Version : 1.30.3 Release : 1.fc44 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: nginx-mod-brotli: Rebuild for 1.30.3 nginx-mod-fancyindex: Rebuild for 1.30.3 nginx-mod-vts: Rebuild for 1.30.3 nginx-mod-modsecurity: Rebuild for 1.30.3 nginx-mod-headers-more: Rebuild for 1.30.3 nginx-mod-naxsi: Rebuild for 1.30.3 nginx-mod-js-challenge: Rebuild for 1.30.3 nginx: update to 1.30.3 fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 17 2026 Felix Kaechele - 2:1.30.3-1 - update to 1.30.3 - fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142 * Fri Jun 12 2026 Yaakov Selkowitz - 2:1.30.2-2 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8e751787c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Nginx updated in Fedora 44 for improved performance and security with fixes for CVEs.. Fedora Nginx Update, Security Fixes, Performance Improvement, Nginx Server, CVE Updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Fedora
89

Fedora 43 lighttpd Important Update for Fast Web Server 2026-d7d472853a

1.4.84 1.4.83 https://wiki.lighttpd.net/Release-1_4_83. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d7d472853a 2026-06-27 00:54:50.049700+00:00 -------------------------------------------------------------------------------- Name : lighttpd Product : Fedora 43 Version : 1.4.84 Release : 1.fc43 URL : http://www.lighttpd.net/ Summary : Lightning fast webserver with light system requirements Description : lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and much more) make lighttpd the perfect web server for all systems, small and large. -------------------------------------------------------------------------------- Update Information: 1.4.84 1.4.83 https://wiki.lighttpd.net/Release-1_4_83 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2026 Gwyn Ciesla - 1.4.84-1 - 1.4.84 * Mon Jun 15 2026 Gwyn Ciesla - 1.4.83-1 - 1.4.83 * Fri Jun 12 2026 Yaakov Selkowitz - 1.4.82-5 - Rebuilt for openssl 4.0 * Thu Apr 16 2026 Tom Callaway - 1.4.82-4 - rebuild * Tue Mar 3 2026 Tom Callaway - 1.4.82-3 - rebuild for lua 5.5 * Fri Jan 16 2026 Fedora Release Engineering - 1.4.82-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2488792 - lighttpd-1.4.83 is available https://bugzilla.redhat.com/show_bug.cgi?id=2488792 [ 2 ] Bug #2490240 - lighttpd-1.4.84 is available https://bugzilla.redhat.com/show_bug.cgi?id=2490240 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d7d472853a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Keep your Fedora 43 lighttpd installation secure with this important update addressing performance and resource efficiency.. Fedora Lighttpd Security Update Performance. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Fedora
89

Fedora 43 nginx Critical Update for CVE-2026-42055, 42530, 48142

nginx-mod-headers-more: Rebuild for 1.30.3 nginx-mod-brotli: Rebuild for 1.30.3 nginx-mod-vts:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9d7328702e 2026-06-27 00:54:50.049683+00:00 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 43 Version : 1.30.3 Release : 1.fc43 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: nginx-mod-headers-more: Rebuild for 1.30.3 nginx-mod-brotli: Rebuild for 1.30.3 nginx-mod-vts: Rebuild for 1.30.3 nginx-mod-modsecurity: Rebuild for 1.30.3 nginx-mod-fancyindex: Rebuild for 1.30.3 nginx-mod-naxsi: Rebuild for 1.30.3 nginx: update to 1.30.3 fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 17 2026 Felix Kaechele - 2:1.30.3-1 - update to 1.30.3 - fixes CVE-2026-42055, CVE-2026-42530 and CVE-2026-48142 * Fri Jun 12 2026 Yaakov Selkowitz - 2:1.30.2-2 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9d7328702e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Explore the critical update for Fedora 43 nginx addressing multiple security flaws. Install the recommended patches promptly.. nginx update, Fedora security advisory, software patch, system upgrade, web server security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Fedora
89

Fedora 42 Nginx High Arbitrary Code Execution Notice FEDORA-2026-38623b4fed

nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-naxsi:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-38623b4fed 2026-05-15 22:44:59.632855+00:00 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 42 Version : 1.30.1 Release : 1.fc42 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-naxsi: Rebuild for 1.30.1 nginx-mod-headers-more: Rebuild for 1.30.1 nginx-mod-brotli: Rebuild for 1.30.1 nginx-mod-modsecurity: Rebuild for 1.30.1 nginx: update to 1.30.1 fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701 -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Felix Kaechele - 2:1.30.1-1 - update to 1.30.1 - fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477413 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora 42 nginx fixes critical issues including arbitrary code execution vulnerabilities for enhanced security.. Fedora nginx update security patch, arbitrary code execution, web server upgrade, nginx vulnerabilities, Fedora security fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 15, 2026 Critical Fedora
89

Fedora 42 advisory on nginx-mod-modsecurity for CVE-2026-42945 issue

nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-naxsi:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-38623b4fed 2026-05-15 22:44:59.632855+00:00 -------------------------------------------------------------------------------- Name : nginx-mod-modsecurity Product : Fedora 42 Version : 1.0.4 Release : 10.fc42 URL : https://github.com/SpiderLabs/ModSecurity-nginx Summary : ModSecurity v3 nginx connector Description : The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector takes the form of an nginx module. The module simply serves as a layer of communication between nginx and ModSecurity -------------------------------------------------------------------------------- Update Information: nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-naxsi: Rebuild for 1.30.1 nginx-mod-headers-more: Rebuild for 1.30.1 nginx-mod-brotli: Rebuild for 1.30.1 nginx-mod-modsecurity: Rebuild for 1.30.1 nginx: update to 1.30.1 fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701 -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Felix Kaechele - 1.0.4-10 - Rebuild for 1.30.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477413 -------------------------------------------------------------------------------- This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-38623b4fed' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Fedora 42 nginx-mod-modsecurity addresses multiple CVEs related to security flaws.. Fedora 42, nginx-mod-modsecurity, security patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 15, 2026 Critical Fedora
89

Fedora 44 nginx Moderate Nginx Code Exec CVE-2026-42926 2026-094eb13bb1

nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-headers-more: Rebuild for 1.30.1 nginx-mod-naxsi:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-094eb13bb1 2026-05-15 20:57:10.102601+00:00 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 44 Version : 1.30.1 Release : 1.fc44 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: nginx-mod-fancyindex: Rebuild for 1.30.1 nginx-mod-headers-more: Rebuild for 1.30.1 nginx-mod-naxsi: Rebuild for 1.30.1 nginx-mod-js-challenge: Rebuild for 1.30.1 nginx-mod-brotli: Rebuild for 1.30.1 nginx-mod-vts: Rebuild for 1.30.1 nginx-mod-modsecurity: Rebuild for 1.30.1 nginx: update to 1.30.1 fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701 -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Felix Kaechele - 2:1.30.1-1 - update to 1.30.1 - fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2477413 - CVE-2026-42945 nginx: NGINX: Arbitrary Code Execution Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477413 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-094eb13bb1' at the command line. For more information,refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical Fedora 44 nginx patches for arbitrary code execution issues. Safeguard your server with the latest updates!. Fedora updates, nginx server, security patches, code execution fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 15, 2026 Important Fedora
89

Fedora 44 httpd Critical Heap Overflow Advisory FEDORA-2026-3e32c54eab

new version 2.4.67. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3e32c54eab 2026-05-12 00:48:49.533506+00:00 -------------------------------------------------------------------------------- Name : httpd Product : Fedora 44 Version : 2.4.67 Release : 1.fc44 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. -------------------------------------------------------------------------------- Update Information: new version 2.4.67 -------------------------------------------------------------------------------- ChangeLog: * Wed May 6 2026 Lubo\u0161 Uhliarik - 2.4.67-1 - new version 2.4.67 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2464943 - httpd-2.4.67 is available https://bugzilla.redhat.com/show_bug.cgi?id=2464943 [ 2 ] Bug #2466956 - CVE-2026-28780 httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2466956 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3e32c54eab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Apache HTTP Server update available for Fedora 44 addressing critical code execution issue. Install to secure system.. Apache HTTP Server, Fedora 44, security advisory, code execution update. . Severity: Critical.LinuxSecurity.com Team

Calendar%202 May 12, 2026 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200