Several security issues were fixed in nghttp2.
Archive for April 25th, 2024
CryptoJS could be made to expose sensitive information.
It was discovered that PDNS Recursor, a resolving name server, was susceptible to denial of service if recursive forwarding is configured. For the stable distribution (bookworm), this problem has been fixed in
Zabbix could allow reflected cross-site scripting (XSS) attacks.
Several security issues were fixed in FreeRDP.
Several security issues were fixed in Thunderbird.
Fix for CVE-2024-31497
Fix usage of disabled protocol (CVE-2024-2004); fix HTTP/2 push headers memory leak (CVE-2024-2398)
x86: Native Branch History Injection [XSA-456, CVE-2024-2201]; update to xen 4.17.4; remove patches now included upstream; rebase xen.gcc12.fixes.patch; x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]; x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]
Update to 1.15.8; fix CVE-2024-32462
Fix for CVE-2024-31497
Updates Fedora 30 to Kubernetes 1.27.13. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. In addition, a few bug and regression fixes.
Update to 115.10.1 (https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/); fix https://bugzilla.redhat.com/show_bug.cgi?id=2276078; including security update to 115.10.0 (https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/)