- patchlevel 1872
- The newest upstream commit
- Security fixes for CVE-2023-4733, CVE-2023-4752, CVE-2023-4750
Archive for Fedora Linux Distribution – Security Advisories
Release notes for xrdp v0.9.23 (2023/08/31) General announcements – Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes – CVE-2023-40184:
Security fix for CVE-2023-37464
New version 4.0.8. Includes fixes for CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513.
Security fix for CVE-2022-45061
Security fix for CVE-2022-45061
Fedora 37: wireshark 2023-920a3ab4ee
New version 4.0.8. Includes fixes for CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513.
Update to prevent invalid fragment values from leading to a buffer overrun
This release fixes a heap buffer overwrite in search_brace() (CVE-2023-40305) and a heap overread in lexi().
Fedora 37: php-phpmailer6 2023-f2be748f28
Minor security note * The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages. Changes * Don’t reflect malformed DSNs in
Update to prevent invalid fragment values from leading to a buffer overrun
Update to latest svn revision.
Fedora 38: mingw-freeimage 2023-a8b26b910d
Update to latest svn revision.
Update to latest version (#2228145) Security fix for CVE-2022-3064, CVE-2022-41717
Fedora 37: moby-engine 2023-cf3551046d
- Update moby-engine to 24.0.5
- Security fix for CVE-2021-41803
- Security fix for CVE-2023-28842
- Security fix for CVE-2023-28841
- Security fix for CVE-2023-28840
- Security fix for CVE-2023-0845
- Security fix for CVE-2023-26054
- Security fix for CVE-2022-3064
- Security fix for CVE-2022-40716
- Security fix for CVE-2023-25173
- Update moby-engine to
The 6.4.13 stable kernel updates contain a number of important fixes across the tree.
The 6.4.13 stable kernel updates contain a number of important fixes across the tree.
https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/H46H5ZYZG2PYUQ5STK7NWKF7GXYW7H6B/
– New upstream version (117.0)
Fedora 38: rust-rustls-webpki 2023-7cb316a73b
Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 (denial-of-service via crafted certificate chains).
– New upstream version (117.0)
Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079
2.0.17 Broker: * Fix `max_queued_messages 0` stopping clients from receiving messages * Fix `max_inflight_messages` not being set correctly. Apps: * Fix `mosquitto_passwd -U` backup file creation. 2.0.16 Security: * CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC
Fedora 38: mingw-qt5-qtbase 2023-0e68827d36
Backport fix for CVE-2023-37369.
Fedora 37: mingw-qt5-qtbase 2023-fd45b50121
Backport fix for CVE-2023-37369.
- Update moby-engine to 24.0.5
- Security fix for CVE-2021-41803
- Security fix for CVE-2023-28842
- Security fix for CVE-2023-28841
- Security fix for CVE-2023-28840
- Security fix for CVE-2023-0845
- Security fix for CVE-2023-26054
- Security fix for CVE-2022-3064
- Security fix for CVE-2022-40716
- Security fix for CVE-2023-25173
- Update moby-engine to
Rebase to qemu 7.2.5
This update takes caddy from 2.5.2 to 2.6.4. The primary purpose is to resolve CVE-2022-41721. This is a fairly significant upgrade with lots of new features and fixes, but after reviewing the upstream release notes I believe it should comply with the Fedora updates policy. The upgrade warnings in the release notes are described as either backwards compatible, marking a directive as deprecated
update to 116.0.5845.96. Fixes following security issues: CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
update to xen-4.16.5 which includes:
- x86/AMD: Speculative Return Stack Overflow [XSA-434, CVE-2023-20569]
- x86/Intel: Gather Data Sampling [XSA-435, CVE-2022-40982]
- remove patches now included upstream
- arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320] (#2228238)
- bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
- x86/AMD: Zenbleed