Update to 109.0.5414.119. Fixes the following security issues: CVE-2023-0471 CVE-2023-0472 CVE-2023-0473 CVE-2023-0474
Posts Tagged Fedora Linux Distribution – Security Advisories
Fix CVE-2022-47021
Rebuild for CVE-2022-41717 in golang.
new upstream version
Rebuild for CVE-2022-41717 in golang.
Update to 2.53.15
Update to 2.53.15
# New in release [OpenJDK 17.0.6](https://bit.ly/openjdk1706) (2023-01-17)
## CVEs Fixed
- CVE-2023-21835
- CVE-2023-21843
## Security Fixes
- JDK-8286070: Improve UTF8 representation
- JDK-8286496: Improve Thread labels
- JDK-8287411: Enhance DTLS performance
- JDK-8288516: Enhance font creation
- JDK-8289350: Better media supports
- JDK-8293554: Enhanced DH Key Exchanges

This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-29187 in the bundled copies of libgit2.

---

Updates `pore` to 0.1.8
- Speed up `update_remote_refs`
- Fall back to `/etc/pore.toml` if it exists.
Update to 1.3.2 (CVE-2022-29187, CVE-2022-24765)
* CVE-2022-47318
Update to version 0.13.5 (includes bundled libgit2 v1.4.5 with the latest security fixes).
Update bundled libgit2 to version 1.3.2 for the latest security fixes. Neither the 0.12 branch of libgit2-sys nor the 1.3 branch of libgit2 is still supported upstream, so this is the best we can do until packages are ported to newer versions of the libgit2-sys crate.
Update to version 0.13.5 (includes bundled libgit2 v1.4.5 with the latest security fixes).
Update bundled libgit2 to version 1.3.2 for the latest security fixes. Neither the 0.12 branch of libgit2-sys nor the 1.3 branch of libgit2 is still supported upstream, so this is the best we can do until packages are ported to newer versions of the libgit2-sys crate.
Update to 1.3.2 (CVE-2022-29187, CVE-2022-24765)
https://www.mediawiki.org/wiki/Release_notes/1.38 https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
**Redis 7.0.8** Released Mon Jan 16 12:00:00 IDT 2023

Security Fixes:
* (**CVE-2022-35977**) Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic
* (**CVE-2023-22458**) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service

Bug Fixes
* Avoid possible hang when client issues long KEYS,
libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883
Update to 42.6
The 6.1.7 stable kernel update contains a number of important fixes across the tree.
The 6.1.7 stable kernel update contains a number of important fixes across the tree.
Rebase to sudo-1.9.12p2 – security fix for CVE-2023-22809
libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883
– Update to 109.0
This updates .NET 6 to the January 2023 security release. The updated versions are SDK 6.0.113 and Runtime 6.0.13. This includes a fix for CVE-2023-21538.
Patches for CVE-2023-23456 and CVE-2023-23457
Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the upstream [security advisory](https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html).
Update to 2.39.1 (CVE-2022-41903, CVE-2022-23521) Refer to the [upstream release notes](https://github.com/git/git/raw/v2.39.1/Documentation/RelNotes/2.30.7.txt) and the security advisories ([CVE-2022-41903](https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq),
* ati-vga: out-of-bounds write in ati_2d_blt (CVE-2021-3638) (rhbz#1979882)
* qxl: qxl_phys2virt unsafe address translation (CVE-2022-4144) (rhbz#2148542)
* linux-user: default to -cpu max (rhbz#2121700)