
Security updates have been released for Fedora Linux, covering Firefox, Corosync, Suricata, and Nextcloud:

Fedora 40 Update: firefox-137.0-2.fc40
Fedora 40 Update: corosync-3.1.9-2.fc40
Fedora 40 Update: suricata-7.0.10-1.fc40
Fedora 40 Update: nextcloud-31.0.2-2.fc40
Fedora 41 Update: corosync-3.1.9-2.fc41
Fedora 41 Update: nextcloud-31.0.2-1.fc41
Fedora 41 Update: suricata-7.0.10-1.fc41




[SECURITY] Fedora 40 Update: firefox-137.0-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d48f900812
2025-04-03 01:51:21.151687+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 40
Version : 137.0
Release : 2.fc40
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Updated to latest upstream (137.0)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 31 2025 Martin Stransky [stransky@redhat.com] - 137.0-2
- Update 137.0 build 2
* Wed Mar 26 2025 Martin Stransky [stransky@redhat.com] - 137.0-1
- Update to latest upstream (137.0)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d48f900812' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: corosync-3.1.9-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0bafd025de
2025-04-03 01:51:21.151676+00:00
--------------------------------------------------------------------------------

Name : corosync
Product : Fedora 40
Version : 3.1.9
Release : 2.fc40
URL : http://corosync.github.io/corosync/
Summary : The Corosync Cluster Engine and Application Programming Interfaces
Description :
This package contains the Corosync Cluster Engine Executive, several default
APIs and libraries, default configuration files, and an init script.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-30472
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2025 Jan Friesse [jfriesse@redhat.com] - 3.1.9-2
- totemsrp: Check size of orf_token msg
(fixes CVE-2025-30472)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2354383 - CVE-2025-30472 corosync: Stack buffer overflow from 'orf_token_endian_convert' [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2354383
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0bafd025de' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: suricata-7.0.10-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2a295896e6
2025-04-03 01:51:21.151653+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 40
Version : 7.0.10
Release : 1.fc40
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

This is an extra release to address a critical issue in 7.0.9 affecting
AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This
has been fixed.
Various security, performance, accuracy, and stability issues have been fixed.
LibHTP has been updated to version 0.5.50 which is bundled with this new
release. This fixes:
CVE-2025-29915: HIGH
CVE-2025-29917: HIGH
CVE-2025-29918: HIGH
CVE-2025-29916: Moderate
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Steve Grubb [sgrubb@redhat.com] 7.0.10-1
- New bugfix release
* Tue Mar 18 2025 Steve Grubb [sgrubb@redhat.com] 7.0.9-1
- New security and bugfix release
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek [zbyszek@in.waw.pl] - 7.0.8-3
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 7.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2a295896e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 40 Update: nextcloud-31.0.2-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dbeb2c60c3
2025-04-03 01:51:21.151647+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 40
Version : 31.0.2
Release : 2.fc40
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 31.0.2-1
- 31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414
* Sun Mar 2 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 31.0.0-1
- 31.0.0 release RHBZ#2324262 RHBZ#2336564
* Fri Feb 7 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 30.0.5-4
- escape period
* Mon Feb 3 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 30.0.5-3
- use composer-generators to autogenerate php-composer provides
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2345769 - CVE-2025-26791 nextcloud: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2345769
[ 2 ] Bug #2345775 - CVE-2025-26791 nextcloud: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2345775
[ 3 ] Bug #2350414 - nextcloud-31.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350414
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-dbeb2c60c3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: corosync-3.1.9-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c55f39aeb3
2025-04-03 01:35:58.156056+00:00
--------------------------------------------------------------------------------

Name : corosync
Product : Fedora 41
Version : 3.1.9
Release : 2.fc41
URL : http://corosync.github.io/corosync/
Summary : The Corosync Cluster Engine and Application Programming Interfaces
Description :
This package contains the Corosync Cluster Engine Executive, several default
APIs and libraries, default configuration files, and an init script.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-30472
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 26 2025 Jan Friesse [jfriesse@redhat.com] - 3.1.9-2
- totemsrp: Check size of orf_token msg
(fixes CVE-2025-30472)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2354384 - CVE-2025-30472 corosync: Stack buffer overflow from 'orf_token_endian_convert' [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2354384
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c55f39aeb3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: nextcloud-31.0.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e6b55e70b
2025-04-03 01:35:58.156021+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 41
Version : 31.0.2
Release : 1.fc41
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 31.0.2-1
- 31.0.2 release RHBZ#2345769 RHBZ#2345775 RHBZ#2350414
* Sun Mar 2 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 31.0.0-1
- 31.0.0 release RHBZ#2324262 RHBZ#2336564
* Fri Feb 7 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 30.0.5-4
- escape period
* Mon Feb 3 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 30.0.5-3
- use composer-generators to autogenerate php-composer provides
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2345769 - CVE-2025-26791 nextcloud: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2345769
[ 2 ] Bug #2345775 - CVE-2025-26791 nextcloud: Mutation XSS in DOMPurify Due to Improper Template Literal Handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2345775
[ 3 ] Bug #2350414 - nextcloud-31.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350414
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e6b55e70b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: suricata-7.0.10-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5fa61dc843
2025-04-03 01:35:58.156027+00:00
--------------------------------------------------------------------------------

Name : suricata
Product : Fedora 41
Version : 7.0.10
Release : 1.fc41
URL : https://suricata-ids.org/
Summary : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion
Detection and Prevention Engine. This engine is not intended to
just replace or emulate the existing tools in the industry, but
will bring new ideas and technologies to the field. This new Engine
supports Multi-threading, Automatic Protocol Detection (IP, TCP,
UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP
Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

This is an extra release to address a critical issue in 7.0.9 affecting
AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This
has been fixed.
Various security, performance, accuracy, and stability issues have been fixed.
LibHTP has been updated to version 0.5.50 which is bundled with this new
release. This fixes:
CVE-2025-29915: HIGH
CVE-2025-29917: HIGH
CVE-2025-29918: HIGH
CVE-2025-29916: Moderate
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Steve Grubb [sgrubb@redhat.com] 7.0.10-1
- New bugfix release
* Tue Mar 18 2025 Steve Grubb [sgrubb@redhat.com] 7.0.9-1
- New security and bugfix release
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek [zbyszek@in.waw.pl] - 7.0.8-3
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 7.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5fa61dc843' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------