Fedora Security Advisories

FEDORA-2026-0b8cc86e5b Packages in this update:

• nginx-1.28.2-1.fc42
• nginx-mod-brotli-1.0.0~rc-6.fc42
• nginx-mod-fancyindex-0.5.2-15.fc42
• nginx-mod-headers-more-0.39-6.fc42
• nginx-mod-modsecurity-1.0.4-7.fc42
• nginx-mod-naxsi-1.6-14.fc42
• nginx-mod-vts-0.2.4-6.fc42

Update description:

nginx-mod-fancyindex:

• Rebuild for 1.28.2

nginx-mod-headers-more:

• Rebuild for 1.28.2

nginx-mod-brotli:

• Rebuild for 1.28.2

nginx-mod-modsecurity:

• Rebuild for 1.28.2

nginx-mod-vts:

• Rebuild for 1.28.2

nginx-mod-naxsi:

• Rebuild for 1.28.2

nginx:

• Update to 1.28.2
• fixes CVE-2026-1642
• move log directory to nginx-filesystem subpackage (PR#20)
• delete Maxim Dounin's key, it's no longer listed on the nginx website

FEDORA-2026-cd0705c6a7 Packages in this update:

• nginx-1.28.2-1.fc43
• nginx-mod-brotli-1.0.0~rc-6.fc43
• nginx-mod-fancyindex-0.5.2-15.fc43
• nginx-mod-headers-more-0.39-6.fc43
• nginx-mod-modsecurity-1.0.4-7.fc43
• nginx-mod-naxsi-1.6-14.fc43
• nginx-mod-vts-0.2.4-6.fc43

Update description:

nginx-mod-naxsi:

• Rebuild for 1.28.2

nginx-mod-brotli:

• Rebuild for 1.28.2

nginx-mod-fancyindex:

• Rebuild for 1.28.2

nginx-mod-modsecurity:

• Rebuild for 1.28.2

nginx-mod-headers-more:

• Rebuild for 1.28.2

nginx-mod-vts:

• Rebuild for 1.28.2

nginx:

• Update to 1.28.2
• fixes CVE-2026-1642
• move log directory to nginx-filesystem subpackage (PR#20)
• delete Maxim Dounin's key, it's no longer listed on the nginx website

FEDORA-2026-ce174cdc78 Packages in this update:

• vultr-cli-3.8.0-1.fc44

Update description:

Automatic update for vultr-cli-3.8.0-1.fc44.

Changelog * Wed Feb 4 2026 Major Hayden <major@redhat.com> - 3.8.0-1 - Update to 3.8.0 - Fixes CVE-2025-11065: go-viper/mapstructure updated to v2.4.0 - Resolves: rhbz#2390882, rhbz#2399729, rhbz#2397062

FEDORA-2026-a84e0ad039 Packages in this update:

• linux-sgx-2.26-34.fc43

Update description:

Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override of default pccs daemon port. Remove redundant dep on mpa_registration from pccs. Add system scriptlets for pccs server. Port to pycryptography & pyasn1. Fix tracebacks in keyring code.

FEDORA-EPEL-2026-5e10141457 Packages in this update:

• openbao-2.5.0-1.el8

Update description:

Update to upstream openbao-2.5.0. Also fixes CVE-2025-58189, CVE-2025-61723, CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8.

FEDORA-2026-66cb8ecfc2 Packages in this update:

• python-aiohttp-3.13.3-4.fc43

Update description:

https://github.com/aio-libs/aiohttp/blob/v3.13.3/CHANGES.rst

FEDORA-2026-f5514402fd Packages in this update:

• python3.6-3.6.15-52.fc42

Update description:

• Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299

FEDORA-2026-d68ca022b1 Packages in this update:

• python3.6-3.6.15-52.fc43

Update description:

• Security fixes for CVE-2026-0865, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299

FEDORA-2026-59fdfa64f5 Packages in this update:

• gnupg2-2.4.9-2.fc42

Update description:

Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution

FEDORA-2026-d5c00a447f Packages in this update:

• gnupg2-2.4.9-5.fc43

Update description:

Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution

FEDORA-2026-ab67a4d8b3 Packages in this update:

• osslsigncode-2.12-1.fc42

Update description:

See commit history

FEDORA-EPEL-2026-5cd59d2965 Packages in this update:

• osslsigncode-2.12-1.el9

Update description:

See commit history

FEDORA-2026-3c6cc85b52 Packages in this update:

• osslsigncode-2.12-1.fc43

Update description:

See commit history

FEDORA-2026-55bb6efd14 Packages in this update:

• open-vm-tools-13.0.10-2.fc43

Update description:

Update to 13.0.10.

FEDORA-2026-33c6aa1881 Packages in this update:

• open-vm-tools-13.0.10-2.fc42

Update description:

Update to 13.0.10.

FEDORA-EPEL-2026-96a07a6444 Packages in this update:

• openssl3-3.5.5-1.1.el8

Update description:

Rebased openssl3 to the latest c9s openssl for the latest round of CVEs

FEDORA-2026-792b1b7bbd Packages in this update:

• cef-144.0.11^chromium144.0.7559.109-2.fc43

Update description:

Update to Chromium 144.0.7559.109

• CVE-2026-1504: Inappropriate implementation in Background Fetch API

FEDORA-2026-24ed079b30 Packages in this update:

• cef-144.0.11^chromium144.0.7559.109-2.fc42

Update description:

Update to Chromium 144.0.7559.109

• CVE-2026-1504: Inappropriate implementation in Background Fetch API

FEDORA-EPEL-2026-58b60068fc Packages in this update:

• node-exporter-1.10.2-3.el9

Update description:

Update to 1.10.2

Update was blocked by a ppc64 issue, but a workaround has been found.

FEDORA-EPEL-2026-c702846a3a Packages in this update:

• node-exporter-1.10.2-3.el10_1

Update description:

Update to 1.10.2

Update was blocked by a ppc64 issue, but a workaround has been found.