Update to 2.53.16. Langpacks are now provided in the modern form of web extensions. Startup may take a bit longer if all languages are enabled at the same time. To avoid this, disable unneeded languages in the Add-ons Manager. (Note: langpacks affect the language of the application menus etc. and are not related to Web content at all.)
Archive for Fedora Linux Distribution – Security Advisories
– fix SSH connection too eager reuse still (CVE-2023-27538)
– fix GSS delegation too eager connection re-use (CVE-2023-27536)
– fix FTP too eager connection reuse (CVE-2023-27535)
– fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
– fix TELNET option IAC injection (CVE-2023-27533)
The 6.2.9 stable kernel update contains a number of important fixes across the tree.
Fix several low severity security bugs.
go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic package, as well as bug fixes to the linker, the runtime, and the crypto/x509 and syscall packages. See the [Go 1.19.7 milestone on the upstream issue tracker](https://go.dev/doc/devel/release#go1.19.7) for details.
3 security issues (#2180425): x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]; x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333, CVE-2022-42334]; x86: speculative vulnerability in 32bit SYSCALL path [XSA-429, CVE-2022-42331]
Resolves: 2183639, 2183641
– use min conmon v2.1.7
– Adjust tests for new Ansible
– auto bump to v4.4.3
Fedora 37: rubygem-activestorage 2023-7002afbbb8
Update to Ruby on Rails 7.0.4.3. https://rubyonrails.org/2023/3/13/Rails-7-0-4-3-and-6-1-7-3-have-been-released
Update to Ruby on Rails 7.0.4.3. https://rubyonrails.org/2023/3/13/Rails-7-0-4-3-and-6-1-7-3-have-been-released
The 6.2.9 stable kernel update contains a number of important fixes across the tree.
# OpenBGPD 7.9
* Include OpenBSD 7.2 errata 023: Incorrect length checks allow an out-of-bounds read in `bgpd(8)`.
Update to 2.53.16. Langpacks are now provided in the modern form of web extensions. Startup may take a bit longer if all languages are enabled at the same time. To avoid this, disable unneeded languages in the Add-ons Manager. (Note: langpacks affect the language of the application menus etc. and are not related to Web content at all.)
Fixes CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Update to ldb 2.7.2 and samba 4.18.1. Security fixes for CVE-2023-0225, CVE-2023-0922, CVE-2023-0614.
Update to ldb 2.6.2 and samba 4.17.7. Security fixes for CVE-2023-0225, CVE-2023-0922, CVE-2023-0614.
Update to ldb 2.6.2 and samba 4.17.7. Security fixes for CVE-2023-0225, CVE-2023-0922, CVE-2023-0614.
Fedora 37: xorg-x11-server-Xwayland 2023-eb3c27ff25
xwayland 22.1.9. Security fix for CVE-2023-1393.
Update to 102.9.1; https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ ; https://www.thunderbird.net/en-US/thunderbird/102.9.1/releasenotes/
Fedora 37: xorg-x11-server 2023-7d7c74b868
Fix for CVE-2023-1393
Fedora 37: mingw-python-certifi 2023-ed525aa807
Update to 2022.12.7, fixes CVE-2022-23491.
Apply fix for CVE-2022-37603.
Fedora 37: mingw-python3 2023-406c1c6ed7
Backport fix for CVE-2023-24329.
Patches for CVE-2023-28371
Patches for CVE-2023-28371
qga/win32: Fix local privilege escalation issue (CVE-2023-0664) (rhbz#2175700)
Fedora 38: rubygem-rmagick 2023-f992309b7e
– Fix missing epoch in ImageMagick-heic requires (#2181176)
– Update ImageMagick to 7.1.1.4 (#2176749)
– Add support to libheif and add html docs
– Rebuild rubygem-rmagick
– fix SSH connection too eager reuse still (CVE-2023-27538)
– fix HSTS double-free (CVE-2023-27537)
– fix GSS delegation too eager connection re-use (CVE-2023-27536)
– fix FTP too eager connection reuse (CVE-2023-27535)
– fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
– fix TELNET option IAC injection (CVE-2023-27533)
Update to 111.0.5563.110. Fixes the following security issues: CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534.
3 security issues (#2180425): x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]; x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333, CVE-2022-42334]; x86: speculative vulnerability in 32bit SYSCALL path [XSA-429, CVE-2022-42331]
3 security issues (#2180425): x86 shadow plus log-dirty mode use-after-free [XSA-427, CVE-2022-42332]; x86/HVM pinned cache attributes mis-handling [XSA-428, CVE-2022-42333, CVE-2022-42334]; x86: speculative vulnerability in 32bit SYSCALL path [XSA-429, CVE-2022-42331]