– update to 1.26.2 – fix security security advisory
Comment
Archive for Fedora Linux Distribution – Security Advisories
2746 results.
This is the January 2024 update for .NET 8. Release Notes: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.1/8.0.1.md
– Updated to new upstream (122.0)
This is the January 2024 update for .NET 7. Release Notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.15/7.0.15.md
Mitigate CVE-2024-0690
Backport fix for CVE-2023-51257.
Security fix for CVE-2023-39325
update to 120.0.6099.224 – High CVE-2024-0517: Out of bounds write in V8 – High CVE-2024-0518: Type Confusion in V8 – High CVE-2024-0519: Out of bounds memory access in V8
Cumulative bug-fix update. This update includes fixes for multiple security issues found by Talos in which specially crafted input files could lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.
update to v0.14.0, address CVE-2023-39325
Update to 6.0.25
Update to 6.0.25
Update to 1.4.16. Fixes CVE-2023-6277 (in bundled libtiff).
Backport fix for CVE-2023-49438.
Update to 1.4.16. Fixes CVE-2023-6277 (in bundled libtiff).
update to 120.0.6099.216 – High CVE-2024-0333: Insufficient data validation in Extensions
Forbid shell metasymbols in username/hostname Resolve Terrapin attack Apply destination constraints to all PKCS#11 keys
Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51).
CVE fix for: CVE-2023-6377, CVE-2023-6478
CVE fix for: CVE-2023-6377, CVE-2023-6478
Terrapin fix
Fix regression in IPv6 hosntames parsing —- New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)
Automatic update for podman-4.8.3-1.fc39. ##### **Changelog for podman** “` * Wed Jan 03 2024 Packit
Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability).
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1
Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51).
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1
update to 120.0.6099.199 – CVE-2023-6879 aom: heap-buffer-overflow on frame size change – CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz – CVE-2024-0222: Use after free in ANGLE – CVE-2024-0223: Heap buffer overflow in ANGLE – CVE-2024-0224: Use after free in WebAudio – CVE-2024-0225: Use after free in WebGPU
update to 120.0.6099.199 – CVE-2023-6879 aom: heap-buffer-overflow on frame size change – CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz – CVE-2024-0222: Use after free in ANGLE – CVE-2024-0223: Heap buffer overflow in ANGLE – CVE-2024-0224: Use after free in WebAudio – CVE-2024-0225: Use after free in WebGPU
– Update to 22.05.11 – Closes CVE-2023-49933 through CVE-2023-49938