Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
Comment
Archive for Fedora Linux Distribution – Security Advisories
2746 results.
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
update to 117.0.5938.62. Fixes following security issues: CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 —- update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863 —- update to 116.0.5845.179. Fixes following security issues: CVE-2023-4427 CVE-2023-4428
This update provides Firefox 117.0.1, with a significant security fix (for [CVE-2023-4863](https://access.redhat.com/security/cve/CVE-2023-4863)) and various bug fixes.
**Redis 7.0.13** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes * (**CVE-2023-41053**) Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Bug Fixes * Cluster: fix a race condition
Backport fix for CVE-2023-4863.
Security fix for CVE-2020-22219
– Updated to latest upstream (117.0.1)
Backport fix for CVE-2023-4863.
Package new upstream version of open-vm-tools-12.3.0-22234872. Security fix for CVE-2023-20900, CVE-2023-20867
Fixes for CVE-2023-20897 and CVE-2023-20898
Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079
Release notes for xrdp v0.9.23 (2023/08/31) General announcements – Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes – CVE-2023-40184:
Security fix for CVE-2023-37464
– patchlevel 1872 —- The newest upstream commit Security fixes for CVE-2023-4733, CVE-2023-4752, CVE-2023-4750
Release notes for xrdp v0.9.23 (2023/08/31) General announcements – Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes – CVE-2023-40184:
Security fix for CVE-2023-37464
New version 4.0.8. Includes fixes for CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513.
Security fix for CVE-2022-45061
Security fix for CVE-2022-45061
New version 4.0.8. Includes fixes for CVE-2023-2906, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513.
Update to prevent invalid fragment values from leading to a buffer overrun
This release fixes a heap buffer overwrite in search_brace() (CVE-2023-40305) and a heap overread in lexi().
Minor security note * The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages. Changes * Don’t reflect malformed DSNs in
Update to prevent invalid fragment values from leading to a buffer overrun
Update to latest svn revision.
Update to latest svn revision.
Update to latest version (#2228145) Security fix for CVE-2022-3064, CVE-2022-41717
– Update moby-engine to 24.0.5 – Security fix for CVE-2021-41803 – Security fix for CVE-2023-28842 – Security fix for CVE-2023-28841 – Security fix for CVE-2023-28840 – Security fix for CVE-2023-0845 – Security fix for CVE-2023-26054 – Security fix for CVE-2022-3064 – Security fix for CVE-2022-40716 – Security fix for CVE-2023-25173 —- Update moby-engine to