Fedora Security Advisories

• kernel-7.0.7-200.fc44

The 7.0.7 stable kernel update contains a number of important fixes across the tree. It also patches up a vulnerable codepath for franesia that was not in the original patches for 7.0.6

• nginx-1.30.1-1.fc42
• nginx-mod-brotli-1.0.0~rc-9.fc42
• nginx-mod-fancyindex-0.6.0-4.fc42
• nginx-mod-headers-more-0.39-9.fc42
• nginx-mod-modsecurity-1.0.4-10.fc42
• nginx-mod-naxsi-1.6-17.fc42
• nginx-mod-vts-0.2.4-9.fc42

nginx-mod-vts:

• Rebuild for 1.30.1

nginx-mod-fancyindex:

• Rebuild for 1.30.1

nginx-mod-naxsi:

• Rebuild for 1.30.1

nginx-mod-headers-more:

• Rebuild for 1.30.1

nginx-mod-brotli:

• Rebuild for 1.30.1

nginx-mod-modsecurity:

• Rebuild for 1.30.1

nginx:

• update to 1.30.1
• fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701

• perl-Apache-Session-Browseable-1.3.19-1.fc44

This update has improvements to generate more secure session IDs (CVE-2026-8503).

• perl-Apache-Session-Browseable-1.3.19-1.el10_1

This update has improvements to generate more secure session IDs (CVE-2026-8503).

• perl-Apache-Session-Browseable-1.3.19-1.el10_3

This update has improvements to generate more secure session IDs (CVE-2026-8503).

• perl-Apache-Session-Browseable-1.3.19-1.fc43

This update has improvements to generate more secure session IDs (CVE-2026-8503).

• perl-Apache-Session-Browseable-1.3.19-1.el8

This update has improvements to generate more secure session IDs (CVE-2026-8503).

• perl-Apache-Session-Browseable-1.3.19-1.el9

This update has improvements to generate more secure session IDs (CVE-2026-8503).

• perl-Apache-Session-Browseable-1.3.19-1.el10_2

This update has improvements to generate more secure session IDs (CVE-2026-8503).

• dotnet10.0-10.0.108-1.fc44

Update to .NET SDK 10.0.108 and Runtime 10.0.8

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.8/10.0.108.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.8/10.0.8.md

• dotnet10.0-10.0.108-1.fc43

Update to .NET SDK 10.0.108 and Runtime 10.0.8

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.8/10.0.108.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.8/10.0.8.md

• dotnet10.0-10.0.108-1.fc42

Update to .NET SDK 10.0.108 and Runtime 10.0.8

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.8/10.0.108.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.8/10.0.8.md

• dotnet9.0-9.0.117-1.fc44

Update to .NET SDK 9.0.117 and Runtime 9.0.16

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.16/9.0.117.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.16/9.0.16.md

• dotnet9.0-9.0.117-1.fc43

Update to .NET SDK 9.0.117 and Runtime 9.0.16

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.16/9.0.117.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.16/9.0.16.md

• dotnet9.0-9.0.117-1.fc42

Update to .NET SDK 9.0.117 and Runtime 9.0.16

Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899

Release Notes:

• SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.16/9.0.117.md
• Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.16/9.0.16.md

• nginx-1.30.1-1.fc43
• nginx-mod-brotli-1.0.0~rc-9.fc43
• nginx-mod-fancyindex-0.6.0-4.fc43
• nginx-mod-headers-more-0.39-9.fc43
• nginx-mod-modsecurity-1.0.4-10.fc43
• nginx-mod-naxsi-1.6-17.fc43
• nginx-mod-vts-0.2.4-9.fc43

nginx-mod-brotli:

• Rebuild for 1.30.1

nginx-mod-vts:

• Rebuild for 1.30.1

nginx-mod-modsecurity:

• Rebuild for 1.30.1

nginx-mod-fancyindex:

• Rebuild for 1.30.1

nginx-mod-headers-more:

• Rebuild for 1.30.1

nginx-mod-naxsi:

• Rebuild for 1.30.1

nginx:

• update to 1.30.1
• fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701

• kernel-6.19.14-102.fc42

The 6.19.14-102 stable kernel update contains a fix for the Fragnesia CVE-2026-46300.

• nginx-1.30.1-1.fc44
• nginx-mod-brotli-1.0.0~rc-9.fc44
• nginx-mod-fancyindex-0.6.0-4.fc44
• nginx-mod-headers-more-0.39-9.fc44
• nginx-mod-js-challenge-0^20230517.gitda6852d-7.fc44
• nginx-mod-modsecurity-1.0.4-10.fc44
• nginx-mod-naxsi-1.6-17.fc44
• nginx-mod-vts-0.2.4-9.fc44

nginx-mod-fancyindex:

• Rebuild for 1.30.1

nginx-mod-headers-more:

• Rebuild for 1.30.1

nginx-mod-naxsi:

• Rebuild for 1.30.1

nginx-mod-js-challenge:

• Rebuild for 1.30.1

nginx-mod-brotli:

• Rebuild for 1.30.1

nginx-mod-vts:

• Rebuild for 1.30.1

nginx-mod-modsecurity:

• Rebuild for 1.30.1

nginx:

• update to 1.30.1
• fixes CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934, CVE-2026-40460 and CVE-2026-40701

• docker-buildkit-0.30.0-1.fc42

• Update to release v0.30.0
• Resolves CVE-2026-39984: rhbz#2458929
• Upstream new features and fixes

• docker-buildkit-0.30.0-1.fc43

• Update to release v0.30.0
• Resolves CVE-2026-39984: rhbz#2458929
• Upstream new features and fixes