## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) *
Archive for Fedora Linux Distribution – Security Advisories
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487
Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487
Security fix for CVE-2023-5535, CVE-2023-5441
Security fix for CVE-2023-5535, CVE-2023-5441
Fedora 37: ansible-core 2023-cdc7db366e
Update to 2.14.11. Mitigates CVE-2023-5115.
Update to 118.0.5993.70. Include following security fixes: – CVE-2023-5218: Use after free in Site Isolation. – CVE-2023-5487: Inappropriate implementation in Fullscreen. – CVE-2023-5484: Inappropriate implementation in Navigation. – CVE-2023-5475: Inappropriate implementation in DevTools. – CVE-2023-5483: Inappropriate implementation in Intents. – CVE-2023-5481:
Fedora 38: ansible-core 2023-e5d4a632a5
Update to 2.14.11. Mitigates CVE-2023-5115.
Fedora 37: trafficserver 2023-54fadada12
Update to upstream 9.2.3 Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
Fedora 38: matrix-synapse 2023-c3c8cc5f8b
Update to v1.94.0 (CVE-2023-45129)
Fedora 38: trafficserver 2023-5ff7bf1dd8
Update to upstream 9.2.3 Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
Latest updates
Latest updates
– Release 115.3.1
Fedora 38: python-configobj 2023-27b41bb133
Fixes an issue in configobj: CVE-2023-26112
– fix cookie injection with none file (CVE-2023-38546) – fix SOCKS5 heap buffer overflow (CVE-2023-38545)
Fedora 39: ghostscript 2023-c2665a9ff3
fix for CVE-2023-43115 (#2241112)
Fedora 38: python-django 2023-cc023fabb7
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
– fix HTTP/2 Rapid Reset (CVE-2023-44487)
Fedora 38: python-asgiref 2023-cc023fabb7
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
– Update to 2.28.5 – CVE-2023-43615 Release notes: https://github.com/Mbed- TLS/mbedtls/releases/tag/mbedtls-2.28.5 Security Advisory: https://mbed- tls.readthedocs.io/en/latest/security-advisories/mbedtls-security- advisory-2023-10-1/
Fedora 38: grafana-pcp 2023-00b3e9d551
Move location of plugin from /usr/share/… to /usr/libexec/… because there is a binary executable
Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
Update to version 4.18.8 – Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670
This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641. See [this write-up by Kevin Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on- gnome-cve-2023-43641/) for details. Thanks to Kevin for discovering the issue and writing the fix.
Fedora 37: oneVPL-intel-gpu 2023-760e5eb2c6
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
Fedora 38: tracker-miners 2023-e8f45c67f5
Seccomp jail improvements (CVE-2023-43641)
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.