## 2023-06-20, Version 16.20.1 ‘Gallium’ (LTS), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) * [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585):
Archive for Fedora Linux Distribution – Security Advisories
Security fix for CVE-2023-33204
**Redis 7.0.12** – Released Mon July 10 12:00:00 IDT 2023 Upgrade urgency SECURITY: See security fixes below. Security Fixes: * (**CVE-2022-24834**) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of
## 2023-06-20, Version 18.16.1 ‘Hydrogen’ (LTS), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) * [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585):
**Redis 7.0.12** – Released Mon July 10 12:00:00 IDT 2023 Upgrade urgency SECURITY: See security fixes below. Security Fixes: * (**CVE-2022-24834**) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of
Fedora 37: java-1.8.0-openjdk 2023-cb5feb5602
feature complete repack of jdk8 portable
Fedora 38: java-1.8.0-openjdk 2023-cccfdd62d2
feature complete repack of jdk8 portable
rebase to bugfix release 10.01.2 (rhbz#2182090)
Update to 3.09, fixes CVE-2023-37378.
Update to 3.09, fixes CVE-2023-37378.
Update to 102.13.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2023-24/ ; https://www.thunderbird.net/en- US/thunderbird/102.13.0/releasenotes/
rebase to rizin 0.5.2 and cutter 2.2.1
The 6.3.12 stable kernel update contains a number of important fixes across the tree. —- The 6.3.11 stable kernel update contains a number of important fixes across the tree. —- The 6.3.10 stable kernel update contains a number of important fixes across the tree.
rebase to rizin 0.5.2 and cutter 2.2.1
Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj. —- Update to 2023.06.22. Fixes rhbz#2216612. —- Update to 2023.06.21. Fixes rhbz#2216612.
Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj
Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 – Add verify_SSL=>1 to https::Tiny to verify https server identity
Security fix for CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CPAN 2.35 – Add verify_SSL=>1 to https::Tiny to verify https server identity
Update to version 1.2.1. This version includes a fix for CVE-2023-32570 (race condition that can lead to an application crash).
– New upstream update (115.0) – Built with PGO
Update to version 4.7.4 Security fix for CVE-2022-41854
The 6.3.11 stable kernel update contains a number of important fixes across the tree. —- The 6.3.10 stable kernel update contains a number of important fixes across the tree.
Fedora 37: python-reportlab 2023-3b82f4aa86
– Release 4.0.4
– New upstream update (115.0) – Built with PGO
Update to 114.0.5735.198. Fixes the following security issues: CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 CVE-2023-36191
Update to 2.40.3: * Make memory pressure monitor honor memory.memsw.usage_in_bytes if exists. * Include key modifiers in wheel events. * Apply cookie blocking policy to WebSocket handshakes. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-32439
Fedora 38: golang-github-schollz-croc 2023-ac4651c9b2
croc 9.6.4
Update to 114.0.5735.198. Fixes the following security issues: CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 CVE-2023-36191
– Rebased to the latest upstream sources (see CHANGELOG.md) – Updated pcs-web-ui – Removed dependency fedora-logos – favicon is now correctly provided by pcs- web-ui – Resolves: rhbz#2109852 rhbz#2170648
Update to 2.40.3: * Make memory pressure monitor honor memory.memsw.usage_in_bytes if exists. * Include key modifiers in wheel events. * Apply cookie blocking policy to WebSocket handshakes. * Fix several crashes and rendering issues. * Security fixes: CVE-2023-32439