This update is intended to fix all the issues with broken launchers and KDE crashes that were caused by changes to the .desktop files in recent Firefox updates. Please report any remaining issues. —- This update provides the latest release of Firefox, with an important security fix. We highly recommend you install this update immediately and restart all Firefox instances.
Archive for Fedora Linux Distribution – Security Advisories
The 6.5.6 stable kernel update contains a number of important fixes across the tree.
This release adds the following features: * Add a launchd agent for macOS * Add a new security attribute for BIOS capsule updates to be enabled * Add functionality to fix specific host security attributes * Add global information from the context into the report data * Add support for coSWID payload sections * Add support for parsing the EDID * Allow adding only-quirk instance IDs from
Patch CVE-2023-42118, plus some other fixes.
patchlevel 1984
Fedora 38: mingw-freeimage 2023-604a7d56b0
Downstream fixes for CVE-2021-40266 CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-40263
Rebase / Update to 115.3.1 ; https://www.thunderbird.net/en- US/thunderbird/115.0/whatsnew/ ; https://support.mozilla.org/en- US/kb/thunderbird-115-supernova-faq ; https://www.thunderbird.net/en- US/thunderbird/115.2.3/releasenotes/ ; https://www.thunderbird.net/en- US/thunderbird/115.3.0/releasenotes/ ; https://www.thunderbird.net/en-
Downstream fixes for CVE-2021-40266 CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-40263
Fedora 38: libpano13 2023-90ed807e04
Upstream release
Fedora 37: open-vm-tools 2023-9b1a1023ac
Package new upstream version of open-vm-tools-12.3.0-22234872. Security fix for CVE-2023-20900, CVE-2023-20867
Fedora 37: libpano13 2023-f5a6136ac8
Upstream release
Fedora 39: golang-github-xhit-str2duration 2023-cf176d02d8
Security fix for CVE-2022-46146, update to v0.10.0
Fedora 39: golang-gopkg-alecthomas-kingpin-2 2023-cf176d02d8
Security fix for CVE-2022-46146, update to v0.10.0
Add patch for CVE-2023.39742.
Fedora 37: libtommath 2023-f5680e3b4b
Security fix for CVE-2023-36328
Fedora 37: matrix-synapse 2023-c0696d7b53
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
Fedora 37: rust-pythonize 2023-c0696d7b53
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
Fedora 37: python-matrix-common 2023-c0696d7b53
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
update to 117.0.5938.62. Fixes following security issues: CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 —- update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863 —- update to 116.0.5845.179. Fixes following security issues: CVE-2023-4427 CVE-2023-4428
This update provides Firefox 117.0.1, with a significant security fix (for [CVE-2023-4863](https://access.redhat.com/security/cve/CVE-2023-4863)) and various bug fixes.
**Redis 7.0.13** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes * (**CVE-2023-41053**) Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Bug Fixes * Cluster: fix a race condition
Backport fix for CVE-2023-4863.
Security fix for CVE-2020-22219
– Updated to latest upstream (117.0.1)
Backport fix for CVE-2023-4863.
Fedora 38: open-vm-tools 2023-df375d0634
Package new upstream version of open-vm-tools-12.3.0-22234872. Security fix for CVE-2023-20900, CVE-2023-20867
Fixes for CVE-2023-20897 and CVE-2023-20898
Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079
Release notes for xrdp v0.9.23 (2023/08/31) General announcements – Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes – CVE-2023-40184:
Security fix for CVE-2023-37464