update to 120.0.6099.216 – High CVE-2024-0333: Insufficient data validation in Extensions
Archive for Fedora Linux Distribution – Security Advisories
Forbid shell metasymbols in username/hostname Resolve Terrapin attack Apply destination constraints to all PKCS#11 keys
Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51).
Fedora 38: xorg-x11-server 2023-ec02e360af
CVE fix for: CVE-2023-6377, CVE-2023-6478
CVE fix for: CVE-2023-6377, CVE-2023-6478
Fedora 38: python-paramiko 2024-39a8c72ea9
Terrapin fix
Fix regression in IPv6 hosntames parsing —- New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)
Automatic update for podman-4.8.3-1.fc39. ##### **Changelog for podman** “` * Wed Jan 03 2024 Packit
Fedora 38: perl-Spreadsheet-ParseExcel 2023-84d3cc47b1
Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability).
Fedora 38: python-aiohttp 2023-1f06098c71
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1
Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51).
Fedora 38: python-pysqueezebox 2023-1f06098c71
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1
update to 120.0.6099.199 – CVE-2023-6879 aom: heap-buffer-overflow on frame size change – CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz – CVE-2024-0222: Use after free in ANGLE – CVE-2024-0223: Heap buffer overflow in ANGLE – CVE-2024-0224: Use after free in WebAudio – CVE-2024-0225: Use after free in WebGPU
update to 120.0.6099.199 – CVE-2023-6879 aom: heap-buffer-overflow on frame size change – CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz – CVE-2024-0222: Use after free in ANGLE – CVE-2024-0223: Heap buffer overflow in ANGLE – CVE-2024-0224: Use after free in WebAudio – CVE-2024-0225: Use after free in WebGPU
– Update to 22.05.11 – Closes CVE-2023-49933 through CVE-2023-49938
– Update to 22.05.11 – Closes CVE-2023-49933 through CVE-2023-49938
Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536
Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536
Security fix for CVE-2023-48795 (Terrapin SSH protocol attack), affecting mod_sftp.
Fedora 39: python-asyncssh 2023-e77300e4b5
Security fix for CVE-2023-48795
Security fix for CVE-2023-48795 (Terrapin SSH protocol attack), affecting mod_sftp.
Fedora 38: podman-tui 2023-cb8c606fbb
release v0.15.0 includes security fix for [CVE-2023-48795]
– New version 6.6 – Important security fixes – Removed gopher support
Fedora 39: podman-tui 2023-20feb865d8
release v0.15.0 includes security fix for [CVE-2023-48795]
– New version 6.6 – Important security fixes – Removed gopher support
Fedora 38: minizip-ng 2023-2ca76c3aae
Fix for CVE-2023-48107
Fix for Terrapin vulnerability
Fedora 39: minizip-ng 2023-5aa1ebc5e9
Fix for CVE-2023-48107
Fedora 39: unrealircd 2023-7c6c696102
# UnrealIRCd 6.1.4 This release fixes a crash issue with websockets in UnrealIRCd 6.1.0 – 6.1.3. The full advisory with all details is available at: https://forums.unrealircd.org/viewtopic.php?t=9340 ## Fixes * Crash that can be triggered by users when [Websockets](https://www.unrealircd.org/docs/WebSocket_support) are in use (a
Fedora 38: unrealircd 2023-41f41fbb69
# UnrealIRCd 6.1.4 This release fixes a crash issue with websockets in UnrealIRCd 6.1.0 – 6.1.3. The full advisory with all details is available at: https://forums.unrealircd.org/viewtopic.php?t=9340 ## Fixes * Crash that can be triggered by users when [Websockets](https://www.unrealircd.org/docs/WebSocket_support) are in use (a