Latest updates
Archive for Fedora Linux Distribution – Security Advisories
– Release 115.3.1
Fixes an issue in configobj: CVE-2023-26112
– fix cookie injection with none file (CVE-2023-38546) – fix SOCKS5 heap buffer overflow (CVE-2023-38545)
fix for CVE-2023-43115 (#2241112)
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
– fix HTTP/2 Rapid Reset (CVE-2023-44487)
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
– Update to 2.28.5 – CVE-2023-43615 Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5 Security Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
Move location of plugin from /usr/share/… to /usr/libexec/… because there is a binary executable
Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
Update to version 4.18.8 – Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670
This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641. See [this write-up by Kevin Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/) for details. Thanks to Kevin for discovering the issue and writing the fix.
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
Seccomp jail improvements (CVE-2023-43641)
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
This update is intended to fix all the issues with broken launchers and KDE crashes that were caused by changes to the .desktop files in recent Firefox updates. Please report any remaining issues. ---- This update provides the latest release of Firefox, with an important security fix. We highly recommend you install this update immediately and restart all Firefox instances.
The 6.5.6 stable kernel update contains a number of important fixes across the tree.
This release adds the following features: * Add a launchd agent for macOS * Add a new security attribute for BIOS capsule updates to be enabled * Add functionality to fix specific host security attributes * Add global information from the context into the report data * Add support for coSWID payload sections * Add support for parsing the EDID * Allow adding only-quirk instance IDs from
Patch CVE-2023-42118, plus some other fixes.
patchlevel 1984
Downstream fixes for CVE-2021-40266 CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-40263
Rebase / Update to 115.3.1 ; https://www.thunderbird.net/en-US/thunderbird/115.0/whatsnew/ ; https://support.mozilla.org/en-US/kb/thunderbird-115-supernova-faq ; https://www.thunderbird.net/en-US/thunderbird/115.2.3/releasenotes/ ; https://www.thunderbird.net/en-US/thunderbird/115.3.0/releasenotes/ ; https://www.thunderbird.net/en-
Downstream fixes for CVE-2021-40266 CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-40263
Upstream release
Package new upstream version of open-vm-tools-12.3.0-22234872. Security fix for CVE-2023-20900, CVE-2023-20867
Upstream release
Security fix for CVE-2022-46146, update to v0.10.0
Security fix for CVE-2022-46146, update to v0.10.0