|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-ca43aa006f (nextcloud)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: nextcloud-33.0.1-1.fc42


Date:
              Tue, 07 Apr 2026 01:11:00 +0000


Message-ID:
              <20260407011100.E9A28793B2@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ca43aa006f
2026-04-07 01:10:18.296597+00:00
--------------------------------------------------------------------------------

Name        : nextcloud
Product     : Fedora 42
Version     : 33.0.1
Release     : 1.fc42
URL         : http://nextcloud.com
Summary     : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

33.0.1 release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 29 2026 Andrew Bauer <zonexpertconsulting@outlook.com> - 33.0.1-1
- 33.0.1 release RHBZ#2451773
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2439538 - CVE-2026-2391 nextcloud: qs's arrayLimit bypass in comma parsing allows
denial of service [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2439538
  [ 2 ] Bug #2439563 - CVE-2026-2391 nextcloud: qs's arrayLimit bypass in comma parsing allows
denial of service [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2439563
  [ 3 ] Bug #2439579 - CVE-2026-2391 nextcloud: qs's arrayLimit bypass in comma parsing allows
denial of service [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2439579
  [ 4 ] Bug #2446240 - CVE-2026-30964 nextcloud: web-auth/webauthn-lib: Origin validation bypass
due to host component reduction [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2446240
  [ 5 ] Bug #2446242 - CVE-2026-30964 nextcloud: web-auth/webauthn-lib: Origin validation bypass
due to host component reduction [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2446242
  [ 6 ] Bug #2449631 - CVE-2026-32935 nextcloud: phpseclib: Information disclosure via padding
oracle timing attack when using AES in CBC mode [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449631
  [ 7 ] Bug #2449632 - CVE-2026-32935 nextcloud: phpseclib: Information disclosure via padding
oracle timing attack when using AES in CBC mode [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449632
  [ 8 ] Bug #2449635 - CVE-2026-32935 nextcloud: phpseclib: Information disclosure via padding
oracle timing attack when using AES in CBC mode [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2449635
  [ 9 ] Bug #2451773 - nextcloud-33.0.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2451773
  [ 10 ] Bug #2452573 - CVE-2026-33916 nextcloud: Handlebars: Cross-Site Scripting (XSS) via
prototype pollution in partial resolution [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2452573
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-ca43aa006f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds