x86: Cross-Thread Return Address Predictions [XSA-426, CVE-2022-27672]
Archive for Fedora Linux Distribution – Security Advisories
– fix HTTP multi-header compression denial of service (CVE-2023-23916)
– share HSTS between handles (CVE-2023-23915 CVE-2023-23914)
Fedora 37: thunderbird 2023-50429a3169
Update to 102.8.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/ ; https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes/
ClamAV 0.103.8 is a critical patch release with the following fixes: * CVE-2023-20032
2169641 – Syntax highlight for sh files broken
The newest upstream commit
Security fixes for CVE-2022-47024, CVE-2023-0433
* Fix large memory allocation when uploading content.
* Fix scrolling after a history navigation with PSON enabled.
* Always update the active uri of WebKitFrame.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2023-23529
Fedora 37: phpMyAdmin 2023-179053442b
**phpMyAdmin 5.2.1** This is a bugfix release that also contains a security fix for an XSS vulnerability in the drag-and-drop upload functionality (**PMASA-2023-01**).
Changelog:
– issue #17522 Fix case where the routes cache file is invalid
– issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
– issue Fix blank page when some error occurs
– issue #17519
– New upstream release (110.0)
Update to 2.39.2 (CVE-2023-22490, CVE-2023-23946) Refer to the [upstream release notes](https://github.com/git/git/raw/v2.39.2/Documentation/RelNotes/2.30.8.txt) and the security advisories ([CVE-2023-22490](https://github.com/git/git/security/advisories/GHSA-
– New upstream release (110.0)
Security fix for CVE-2022-38725
Security fix for CVE-2022-38725
Update to 110.0.5481.77. Fixes the following security issues: CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 CVE-2023-25193
Fedora 37: qt6-qtbase 2023-f2965f082c
Fix a possible DoS involving the Qt SQL ODBC driver plugin.
The newest upstream commit
Security fixes for CVE-2023-0433, CVE-2022-47024
Fedora 37: qt5-qtbase 2023-f2965f082c
Fix a possible DoS involving the Qt SQL ODBC driver plugin.
Fedora 37: xorg-x11-server-Xwayland 2023-83b2d37c6a
xwayland 22.1.8 – Security fix for CVE-2023-0494
New version 4.0.3.
Fedora 36: php-symfony4 2023-aecde14648
**Version 4.4.50** (2023-02-01)
* **security cve-2022-24895** [Security/Http] Remove CSRF tokens from storage on successful login (nicolas-grekas)
* **security cve-2022-24894** [HttpKernel] Remove private headers before storing responses with HttpCache (nicolas-grekas)
Rebase to upstream version 3.0.8
Resolves: CVE-2022-4203
Resolves: CVE-2022-4304
Resolves: CVE-2022-4450
Resolves: CVE-2023-0215
Resolves: CVE-2023-0216
Resolves: CVE-2023-0217
Resolves: CVE-2023-0286
Resolves: CVE-2023-0401
Add upstream fix for CVE-2022-47021
Add upstream fix for CVE-2022-47021
* Improve GStreamer multimedia playback across the board with improved codec selection logic, better handling of latency, and improved frame discard to avoid audio/video desynchronization, among other fixes.
* Disable HLS media playback by default, which makes web sites use MSE instead. If needed, WEBKIT_GST_ENABLE_HLS_SUPPORT=1 can be set in the environment to re-enable it.
– Fix CVE-2022-3560 – This is a privilege escalation in the pesign-authorize script, which is now deprecated. There is no impact unless you are using pesign as a daemon in a signing server.
Rebase to sudo 1.9.12p2 – security fix for CVE-2023-22809
Security fix for CVE-2022-4510
Fedora 36: java-11-openjdk 2023-327768681a
# New in release [OpenJDK 11.0.18](https://bit.ly/openjdk11018) (2023-01-17)
## CVEs Fixed
– CVE-2023-21835
– CVE-2023-21843
## Security Fixes
– JDK-8286070: Improve UTF8 representation
– JDK-8286496: Improve Thread labels
– JDK-8287411: Enhance DTLS performance
– JDK-8288516: Enhance font creation
– JDK-8289350: Better media supports
– JDK-8293554: Enhanced DH Key Exchanges
Security fix for CVE-2022-4510
Fedora 36: java-1.8.0-openjdk 2023-e098cdb4a1
# New in release [OpenJDK 8u362](https://bit.ly/openjdk8u362) (2023-01-17)
## CVEs Fixed
– CVE-2023-21830
– CVE-2023-21843
## Security Fixes
– JDK-8285021: Improve CORBA communication
– JDK-8286496: Improve Thread labels
– JDK-8288516: Enhance font creation
– JDK-8289350: Better media supports
– JDK-8293554: Enhanced DH Key Exchanges
– JDK-8293598: Enhance InetAddress
Fedora 36: java-latest-openjdk 2023-43bce108c7
# New in release OpenJDK 19.0.2 (2023-01-17)
## CVEs Fixed
* CVE-2023-21835
* CVE-2023-21843
## Security Fixes
– JDK-8286070: Improve UTF8 representation
– JDK-8286496: Improve Thread labels
– JDK-8287411: Enhance DTLS performance
– JDK-8288516: Enhance font creation
– JDK-8293554: Enhanced DH Key Exchanges
– JDK-8293598: Enhance InetAddress address handling
– JDK-8293717: Objective