Ubuntu 6750-1: Thunderbird Security Advisory Updates
Several security issues were fixed in Thunderbird.
Fix for CVE-2024-31497
Fix usage of disabled protocol (CVE-2024-2004); fix HTTP/2 push headers memory leak (CVE-2024-2398).
x86: Native Branch History Injection [XSA-456, CVE-2024-2201]; update to xen 4.17.4, remove patches now included upstream; rebase xen.gcc12.fixes.patch; x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]; x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142].
Update to 1.15.8. Fix CVE-2024-32462.
Fix for CVE-2024-31497
Updates Fedora 30 to Kubernetes 1.27.13. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. In addition, a few bug and regression fixes.
Update to 115.10.1 (https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/). Fix https://bugzilla.redhat.com/show_bug.cgi?id=2276078. Including security update to 115.10.0 (https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/).
Several security issues were fixed in the Linux kernel.
Several security issues were fixed in Dnsmasq.
Several security issues were fixed in FreeRDP.
Several security issues were fixed in Sanitize.
Several security issues were fixed in Firefox.
CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083, and a fix for a regression introduced with the fix for CVE-2024-31083
Update to 20240116.2: fixes possible out-of-bounds string access as described in https://github.com/abseil/abseil-cpp/pull/1650.
Squid could be made to crash if it received specially crafted network traffic.
Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service (application crash) or the execution of arbitrary code.
Update to idna-3.7.
Security fix for CVE-2023-4692; security fix for CVE-2023-4693. Fri Apr 12 2024 Nicolas Frayer – 2.06-121: fs/xfs: Handle non-continuous data blocks in directory extents (Related: #2254370).
Update to latest upstream version 1.7.17 (closes rhbz#2255953)
Update to 124.0.6367.60. High CVE-2024-3832: Object corruption in V8; High CVE-2024-3833: Object corruption in WebAssembly; High CVE-2024-3914: Use after free in V8; High CVE-2024-3834: Use after free in Downloads.
Several security issues were fixed in the Linux kernel.
Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. For the oldstable distribution (bullseye), these problems have been fixed
Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. For the oldstable distribution (bullseye), these problems have been fixed
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed
It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass.
Update to 124.0.6367.60. High CVE-2024-3832: Object corruption in V8; High CVE-2024-3833: Object corruption in WebAssembly; High CVE-2024-3914: Use after free in V8; High CVE-2024-3834: Use after free in Downloads.
New upstream release (125.0)