## 2023-06-20, Version 18.16.1 ‘Hydrogen’ (LTS), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) * [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585):
Archive for Fedora Linux Distribution – Security Advisories
**Redis 7.0.12** – Released Mon July 10 12:00:00 IDT 2023 Upgrade urgency SECURITY: See security fixes below. Security Fixes: * (**CVE-2022-24834**) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of
feature complete repack of jdk8 portable
feature complete repack of jdk8 portable
rebase to bugfix release 10.01.2 (rhbz#2182090)
Update to 3.09, fixes CVE-2023-37378.
Update to 3.09, fixes CVE-2023-37378.
Update to 102.13.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2023-24/ ; https://www.thunderbird.net/en- US/thunderbird/102.13.0/releasenotes/
rebase to rizin 0.5.2 and cutter 2.2.1
The 6.3.12 stable kernel update contains a number of important fixes across the tree. —- The 6.3.11 stable kernel update contains a number of important fixes across the tree. —- The 6.3.10 stable kernel update contains a number of important fixes across the tree.
rebase to rizin 0.5.2 and cutter 2.2.1
Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj. —- Update to 2023.06.22. Fixes rhbz#2216612. —- Update to 2023.06.21. Fixes rhbz#2216612.
Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj
Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 – Add verify_SSL=>1 to https::Tiny to verify https server identity
Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 – Add verify_SSL=>1 to https::Tiny to verify https server identity
Update to version 1.2.1. This version includes a fix for CVE-2023-32570 (race condition that can lead to an application crash).
– New upstream update (115.0) – Built with PGO
Update to version 4.7.4 Security fix for CVE-2022-41854
The 6.3.11 stable kernel update contains a number of important fixes across the tree. —- The 6.3.10 stable kernel update contains a number of important fixes across the tree.
– Release 4.0.4
– New upstream update (115.0) – Built with PGO
Update to 114.0.5735.198. Fixes the following security issues: CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 CVE-2023-36191
Update to 2.40.3: * Make memory pressure monitor honor memory.memsw.usage_in_bytes if exists. * Include key modifiers in wheel events. * Apply cookie blocking policy to WebSocket handshakes. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-32439
croc 9.6.4
Update to 114.0.5735.198. Fixes the following security issues: CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 CVE-2023-36191
– Rebased to the latest upstream sources (see CHANGELOG.md) – Updated pcs-web-ui – Removed dependency fedora-logos – favicon is now correctly provided by pcs- web-ui – Resolves: rhbz#2109852 rhbz#2170648
Update to 2.40.3: * Make memory pressure monitor honor memory.memsw.usage_in_bytes if exists. * Include key modifiers in wheel events. * Apply cookie blocking policy to WebSocket handshakes. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-32439
– Rebased to the latest upstream sources (see CHANGELOG.md) – Updated pcs-web-ui – Removed dependency fedora-logos – favicon is now correctly provided by pcs- web-ui – Resolves: rhbz#2109852 rhbz#2170648
Patch update to Kubernetes 1.25 for Fedora 37. Primarily a security fix for CVE-2023-2431: Bypass of seccomp profile enforcement.
This is a security release, additionally fixing a number of important bugs.