|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-4de4d247a0 (nginx-mod-brotli)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44


Date:
              Sat, 25 Apr 2026 01:52:12 +0000


Message-ID:
              <20260425015212.780CA9B94C@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4de4d247a0
2026-04-25 01:21:36.170930+00:00
--------------------------------------------------------------------------------

Name        : nginx-mod-brotli
Product     : Fedora 44
Version     : 1.0.0~rc
Release     : 7.fc44
URL         : https://github.com/google/ngx_brotli
Summary     : NGINX module for Brotli compression
Description :
NGINX module for Brotli compression.

--------------------------------------------------------------------------------
Update Information:

nginx-mod-brotli:
Rebuild for 1.28.3
nginx-mod-fancyindex:
Rebuild for 1.28.3
nginx-mod-naxsi:
Rebuild for 1.28.3
nginx-mod-headers-more:
Rebuild for 1.28.3
nginx-mod-vts:
Rebuild for 1.28.3
nginx-mod-modsecurity:
Rebuild for 1.28.3
nginx:
Update to 1.28.3
fixes CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651,
  CVE-2026-28753, CVE-2026-28755
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2026 Felix Kaechele <felix@kaechele.ca> - 1.0.0~rc-7
- Rebuild for 1.28.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2372546 - Use `systemctl kill` in logrotate postrotate script
        https://bugzilla.redhat.com/show_bug.cgi?id=2372546
  [ 2 ] Bug #2393382 - nginx-upgrade: Support custom PID and config file locations
        https://bugzilla.redhat.com/show_bug.cgi?id=2393382
  [ 3 ] Bug #2413647 - The default server (i.e. _) is not the default server
        https://bugzilla.redhat.com/show_bug.cgi?id=2413647
  [ 4 ] Bug #2445461 - RFE: please enable the geoip module
        https://bugzilla.redhat.com/show_bug.cgi?id=2445461
  [ 5 ] Bug #2450834 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when
ngx_mail_auth_http_module is enabled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450834
  [ 6 ] Bug #2450837 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when
ngx_mail_auth_http_module is enabled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450837
  [ 7 ] Bug #2450838 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when
ngx_mail_auth_http_module is enabled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450838
  [ 8 ] Bug #2450839 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when
ngx_mail_auth_http_module is enabled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450839
  [ 9 ] Bug #2450840 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via
crafted MP4 file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450840
  [ 10 ] Bug #2450842 - CVE-2026-28753 nginx: NGINX Plus and NGINX Open Source: Request
manipulation via header injection in SMTP upstream requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450842
  [ 11 ] Bug #2450844 - CVE-2026-28755 nginx: NGINX: Certificate revocation bypass when OCSP is
enabled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450844
  [ 12 ] Bug #2450849 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via
buffer overflow in ngx_http_dav_module [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2450849
  [ 13 ] Bug #2452220 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via
specially crafted MP4 files [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2452220
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4de4d247a0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds