Update to WebKitGTK 2.46.6: Fix a crash when enabling Skia CPU rendering. Fix several crashes and rendering issues. Fix CVE-2024-54543, CVE-2025-24143, CVE-2025-24150, CVE-2025-24158, CVE-2025-24162
Comment
Archive for Fedora Linux Distribution – Security Advisories
2744 results.
Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.
Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.
Rebase to 3.2.4, fix CVE-2024-12797
Update to 3.13.2 Statically build the _datetime module into libpython. This fixes a segfault when importing it from Python 3.13.0 updated to 3.13.1+ while running.
Security fix for CVE-2025-0938
Security fix for CVE-2025-0938
January CPU 2025
Update to 133.0.6943.53 CVE-2025-0444: Use after free in Skia CVE-2025-0445: Use after free in V8 CVE-2025-0451: Inappropriate implementation in Extensions API
Update to 20240116.3 Fix potential integer overflow in hash container create/resize
Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4
Add code to deal with sched_setattr() not being exported in glibc 2.41 Address CVE-2024-54159 denial of services via symlink attack
New ASPA support is now always compiled in and available if enable-aspa is set. The aspa Cargo feature has been removed. (#990) If merging mutliple ASPA objects for a single customer ASN results in more than 16,380 provider ASNs, the ASPA is dropped. (Note that ASPA objects with more
Security fix for CVE-2023-52892, CVE-2024-27354
update to 1.33.0
Updated to latest upstream (135.0)
Fix CVE-2025-0781
January CPU 2025
Fix CVE-2025-0781
Fix for CVE-2025-0781
Fix for CVE-2025-0781
This release contains a number of small improvements and bugfixes, including mitigations for the LOW severity vulnerability CVE-2025-24356. Bugfixes Add mitigations for fast-reconnect amplification attacks When receiving a data packet from an unknown IP address/port combination, fastd
Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338
Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338
Updated to 132.0.6834.159 * Medium CVE-2025-0762: Use after free in DevTools
Update to 4.9
Update to 4.9
Updated to 132.0.6834.159 * Medium CVE-2025-0762: Use after free in DevTools
update to 0.10.4
Rebase to 20.18.2 Resolves: CVE-2025-22150 CVE-2025-23085 CVE-2025-23083