An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Archive for May, 2023
Several security issues were fixed in Ruby.
minimatch could be made to crash if it opened a specially crafted input file.
Several security issues were fixed in runC.
Red Hat build of MicroShift release 4.13.0 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat build of MicroShift 4.13.
Fixes CVE-2023-32762 and CVE-2023-32763.
Recent updates for the `tokio`, `h2`, and `openssl` crates addressed some (potential or confirmed) security or soundness issues:
- `tokio`: [RUSTSEC-2023-0005](https://rustsec.org/advisories/RUSTSEC-2023-0005.html)
- `h2`: [RUSTSEC-2023-0034](https://rustsec.org/advisories/RUSTSEC-2023-0034.html) / [CVE-2023-26964](https://nvd.nist.gov/vuln/detail/CVE-2023-26964)
- `openssl`:
Several security issues were fixed in the Linux kernel.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
On May 3rd, Google Registry launched eight new top-level domains (TLDs) “for dads, grads and techies”, including a .zip TLD. While these new TLDs come with benefits such as automatic inclusion on the HSTS preload list, the launch of new TLDs has always presented cyber criminals with the opportunity to register domains in bad faith.
Parts of the security community, such as the SANS ISC, have already identified the potential for fraud through conflation of a universally known file extension (.zip) with a TLD. Overlap between TLDs and file extensions is not a new problem: .com is also an executable format, .pl represents both Poland and Perl scripts, and .sh represents Saint Helena and Unix shell scripts.
Earlier this week, we investigated existing registrations using the .zip TLD and confirmed that there is already evidence of fraudulent activity.
cups-filters could be made to crash or run programs if it received specially crafted network traffic.
EventSource could leak sensitive information if it opened a specially crafted input file.
An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
WordPress 6.2.1 is now available! This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. This release also features several security fixes. Because this is a security release, it is […]
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for python-mako is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
Several security issues were fixed in Synapse.
USN-6074-1 caused some minor regressions in Firefox.
qga/win32: Fix local privilege escalation issue (CVE-2023-0664) (rhbz#2175700)
- Update to latest 3.2 release
- Security fix for CVE-2023-31047
- Provide python3-django so it can be used by dependents that do not use the python3.Xdist(django) for requesting it
USN-6060-1 introduced a regression in MySQL.
Several security issues were fixed in Thunderbird.
Patch CVE-2023-27783 – CVE-2023-27789 – CVE-2023-27783 – CVE-2023-27784 – CVE-2023-27785 – CVE-2023-27786 – CVE-2023-27787 – CVE-2023-27788 – CVE-2023-27789
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in
Update to 102.11.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/ ; https://www.thunderbird.net/en-US/thunderbird/102.11.0/releasenotes/
The 6.2.15 stable kernel update contains a number of important fixes across the tree.