– fix HSTS long file name clears contents (CVE-2023-46219) – fix cookie mixed case PSL bypass (CVE-2023-46218)
Archive for Fedora Linux Distribution – Security Advisories
Update to 120.0.6099.62. The upstream release fixes the following security issues: * High CVE-2023-6508: Use after free in Media Stream * High CVE-2023-6509: Use after free in Side Panel Search * Medium CVE-2023-6510: Use after free in Media Capture * Low CVE-2023-6511: Inappropriate implementation in Autofill * Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
* Install default input.conf/network.conf * Add mitigation for CVE-2023-45866
Update to 120.0.6099.62. The upstream release fixes the following security issues: * High CVE-2023-6508: Use after free in Media Stream * High CVE-2023-6509: Use after free in Side Panel Search * Medium CVE-2023-6510: Use after free in Media Capture * Low CVE-2023-6511: Inappropriate implementation in Autofill * Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
upgrade to v0.10.7, CVE-2023-39325
upgrade to v0.10.7, close rhbz#2249798
Fedora 38: rust-fedora-update-feedback 2023-6215ea423b
Affected applications were rebuilt against version 0.10.60 of the `openssl` crate (the Rust bindings for OpenSSL) to address two security advisories: – https://rustsec.org/advisories/RUSTSEC-2023-0044.html – https://rustsec.org/advisories/RUSTSEC-2023-0072.html
Fedora 38: rust-tealdeer 2023-6215ea423b
Affected applications were rebuilt against version 0.10.60 of the `openssl` crate (the Rust bindings for OpenSSL) to address two security advisories: – https://rustsec.org/advisories/RUSTSEC-2023-0044.html – https://rustsec.org/advisories/RUSTSEC-2023-0072.html
Fedora 38: rust-sevctl 2023-6215ea423b
Affected applications were rebuilt against version 0.10.60 of the `openssl` crate (the Rust bindings for OpenSSL) to address two security advisories: – https://rustsec.org/advisories/RUSTSEC-2023-0044.html – https://rustsec.org/advisories/RUSTSEC-2023-0072.html
– Updated to latest upstream (120.0.1) ---- – Fixed freezes on Google Maps ---- – Updated to latest upstream (120.0)
update to 119.0.6045.199, upstream security release * High CVE-2023-6345: Integer overflow in Skia * High CVE-2023-6346: Use after free in WebAudio * High CVE-2023-6347: Use after free in Mojo * High CVE-2023-6348: Type Confusion in Spellcheck * High CVE-2023-6350: Out of bounds memory access in libavif * High CVE-2023-6351: Use after free in libavif
Update to 4.18.9 – Security fix for CVE-2018-14628
The 6.6.3 stable kernel update contains a number of important fixes across the tree.
Update to version 4.19.3 – Security fix for CVE-2018-14628
Fedora 37: golang-github-openprinting-ipp-usb 2023-ce2836acfa
Security fix for CVE-2022-41717
Fedora 39: java-17-openjdk 2023-b6612f3819
updated to OpenJDK 17.0.9 (2023-10-17)
x86/AMD: mismatch in IOMMU quarantine page table levels [XSA-445, CVE-2023-46835]; x86: BTC/SRSO fixes not fully effective [XSA-446, CVE-2023-46836]
Backport fix for CVE-2023-2602 and CVE-2023-2603
Fedora 38: qbittorrent 2023-185f3e8ad7
– Update
update to 119.0.6045.199, upstream security release * High CVE-2023-6345: Integer overflow in Skia * High CVE-2023-6347: Use after free in Mojo * High CVE-2023-6346: Use after free in WebAudio * High CVE-2023-6350: Out of bounds memory access in libavif * High CVE-2023-6351: Use after free in libavif * High CVE-2023-6345: Integer overflow in Skia
Fedora 38: mingw-poppler 2023-4eff9e2cd6
Backport fix for CVE-2023-34872.
Fedora 37: python-geopandas 2023-8857bdcd95
Update to latest version; fix CVE-2023-47248
Backport fix for CVE-2023-2602 and CVE-2023-2603
Fedora 39: thunderbird 2023-985a025a03
Update to 115.5.0 * https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/ * https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes/
Fedora 39: kubernetes 2023-fbdb7e13df
Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Additional bug and regression fixes.
**MariaDB 10.5.23 & Galera 26.4.16** Release notes: https://mariadb.com/kb/en/mariadb-10-5-23-release-notes/
Includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. [See the whole changelog here](https://go.dev/doc/devel/release).
**MariaDB 10.5.23 & Galera 26.4.16** Release notes: https://mariadb.com/kb/en/mariadb-10-5-23-release-notes/
The newest upstream commit. Security fixes for CVE-2023-48233, CVE-2023-48231, CVE-2023-48232, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237.
Fedora 37: kubernetes 2023-6ad09ef90b
Resolves CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes. Upstream change log at: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#changelog-since-v12515