Stay Vigilant with Timely Linux Security Advisories

security advisorydenial of servicefedora

Fedora 44 NextCloud Update Denial of Service JSON Tampering 2026-30881a5be7

33.0.4 Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-30881a5be7 2026-06-05 04:25:00.359051+00:00 -------------------------------------------------------------------------------- Name : nextcloud Product : Fedora 44 Version : 33.0.4 Release : 1.fc44 URL : http://nextcloud.com Summary : Private file sync and share server Description : NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: 33.0.4 Release -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Andrew Bauer - 33.0.4-1 - 33.0.4 Release RHBZ#2482794 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467998 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2467998 [ 2 ] Bug #2468008 - CVE-2026-42044 nextcloud: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468008 [ 3 ] Bug #2476733 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476733 [ 4 ] Bug #2476734 - CVE-2026-44167 nextcloud: phpseclib: Denial of Service via untrusted ASN.1 file loading [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476734 [ 5 ] Bug #2482794 - nextcloud-33.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2482794 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-30881a5be7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . NextCloud update for Fedora 44 addresses critical denials of service and security tampering issues in version 33.0.4.. nextcloud update Fedora 44 json tampering denial of service. . Severity: Important. LinuxSecurity.com Team

Jun 05, 2026 •Important Fedora

security advisoryfedorapython

Fedora 44 python-starlette Security Fix for CVE-2026-48710

Backport fix for CVE-2026-48710. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3bce8d3f11 2026-06-05 04:25:00.359057+00:00 -------------------------------------------------------------------------------- Name : python-starlette Product : Fedora 44 Version : 0.52.1 Release : 2.fc44 URL : https://www.starlette.io/ Summary : The little ASGI library that shines Description : Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. • Startup and shutdown events. • Test client built on requests. • CORS, GZip, Static Files, Streaming responses. • Session and Cookie support. • 100% test coverage. • 100% type annotated codebase. • Few hard dependencies. • Compatible with asyncio and trio backends. • Great overall performance against independent benchmarks. -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2026-48710 -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Paul Wouters - 0.52.1-2 - Backport fix for CVE-2026-48710 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2481742 - CVE-2026-48710 starlette: Starlette: Security restriction bypass via malformed HTTP Host header https://bugzilla.redhat.com/show_bug.cgi?id=2481742 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3bce8d3f11' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fix for CVE-2026-48710 in Fedora 44's python-starlette ensures enhanced security and stability.. Fedora 44, python application, security update, CVE-2026-48710. . Severity: Critical. LinuxSecurity.com Team

Jun 05, 2026 •Critical Fedora

security advisorydenial of servicesecurity issue

Fedora 44 perl-Cpanel-JSON-XS Moderate Denial of Service CVE-2026-9516

This update addresses a number of bugs including these security issues: Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516) Fix dupkeys_as_arrayref type confusion (CVE-2026-9334). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0a82e80353 2026-06-05 04:25:00.359045+00:00 -------------------------------------------------------------------------------- Name : perl-Cpanel-JSON-XS Product : Fedora 44 Version : 4.41 Release : 1.fc44 URL : https://metacpan.org/release/Cpanel-JSON-XS Summary : JSON::XS for Cpanel, fast and correct serializing Description : This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. -------------------------------------------------------------------------------- Update Information: This update addresses a number of bugs including these security issues: Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516) Fix dupkeys_as_arrayref type confusion (CVE-2026-9334) -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2026 Paul Howarth - 4.41-1 - Update to 4.41 - Fix BOM-shift PV-corruption SIGABRT (CVE-2026-9516) - Fix dupkeys_as_arrayref type confusion (CVE-2026-9334) - Fix incr_parse single-quote string delimiter (GH#245) - Fix a one-byte out-of-bounds heap read reachable via allow_barekey on truncated input (GH#244) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484331 - CVE-2026-9334 perl-Cpanel-JSON-XS: perl-Cpanel-JSON-XS: Denial of Service via type confusion with duplicate JSON object keys [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484331 [ 2 ] Bug #2484333 - CVE-2026-9516 perl-Cpanel-JSON-XS: Cpanel::JSON::XS: Denial of Service via UTF-8 BOM prefixed input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484333 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0a82e80353' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This Fedora update addresses critical bugs and security issues in perl-Cpanel-JSON-XS, ensuring system integrity and safety.. Fedora perl-Cpanel-JSON-XS security issues. . Severity: Important. LinuxSecurity.com Team

Jun 05, 2026 •Important Fedora