Update to 1.15.8 Fix CVE-2024-32462
Comment
Archive for Fedora Linux Distribution – Security Advisories
2746 results.
Fix for CVE-2024-31497
Updates Fedora 30 to Kubernetes 1.27.13. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. In addition, a few bug and regression fixes.
Update to 115.10.1 https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/ Fix https://bugzilla.redhat.com/show_bug.cgi?id=2276078 Including security update to 115.10.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/
CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083, and a fix for a regression introduced with the fix for CVE-2024-31083
Update to 20240116.2: fixes possible out-of-bounds string access as described in https://github.com/abseil/abseil-cpp/pull/1650.
Update to idna-3.7.
Security fix for CVE-2023-4692 Security fix for CVE-2023-4693 Fri Apr 12 2024 Nicolas Frayer [email protected] – 2.06-121 fs/xfs: Handle non-continuous data blocks in directory extents Related: #2254370
Update to latest upstream version 1.7.17 (closes rhbz#2255953)
update to 124.0.6367.60 High CVE-2024-3832: Object corruption in V8 High CVE-2024-3833: Object corruption in WebAssembly High CVE-2024-3914: Use after free in V8 High CVE-2024-3834: Use after free in Downloads
update to 124.0.6367.60 High CVE-2024-3832: Object corruption in V8 High CVE-2024-3833: Object corruption in WebAssembly High CVE-2024-3914: Use after free in V8 High CVE-2024-3834: Use after free in Downloads
New upstream release (125.0)
Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
New upstream release (125.0) New upstream release (124.0.2)
This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES_2.4.59 for complete details of the changes in this release.
sosreport: Fix command injection with crafted report names [CVE-2024-2947]
Fix for CVE-2024-31497
New upstream release (125.0)
The 6.8.6 stable kernel update contains a number of important fixes across the tree.
1.28.1 fixes a significant bug in 1.28.0. Update to 1.28.0. Also fixes CVE-2024-25629.
1.28.1 fixes a significant bug in 1.28.0. Update to 1.28.0. Also fixes CVE-2024-25629.
update to 123.0.6312.122 * High CVE-2024-3157: Out of bounds write in Compositing * High CVE-2024-3516: Heap buffer overflow in ANGLE * High CVE-2024-3515: Use after free in Dawn
The 6.8.5 stable kernel update contains a number of important fixes across the tree.
update to 123.0.6312.122 * High CVE-2024-3157: Out of bounds write in Compositing * High CVE-2024-3516: Heap buffer overflow in ANGLE * High CVE-2024-3515: Use after free in Dawn
Bring all current releases from either version 0.7.3 or 0.6.12 to version 0.7.6 for more bug-fixes and also as to resolve potential security issues: https://lib.openmpt.org/libopenmpt/news/
Security fix for CVE-2024-24576 (Windows command injection)
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)