Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
Comment
Posts Tagged Fedora Linux Distribution – Security Advisories
2746 results.
Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
Security fix for CVE-2024-1753 Automatic update for podman-5.0.0-1.fc40. Changelog for podman * Tue Mar 19 2024 Packit
Security fix for CVE-2024-1753 Automatic update for podman-5.0.0-1.fc40. Changelog for podman * Tue Mar 19 2024 Packit
Update to 2.44.0 CVE-2024-23263, CVE-2024-23280, CVE-2024-23284
New upstream version (124.0.1)
Patch CVE-2023-4256 and CVE-2023-43279
Updates google.golang.org/protobuf to v1.33.0 to resolve CVE-2024-24786. Kubernetes is now built with go 1.21.8.
Update to version 2.13.1 Fix CVE-2024-28054
update to xen-4.18.1 rebase xen.gcc12.fixes.patch remove patches now included or superceded upstream x86: Register File Data Sampling [XSA-452, CVE-2023-28746] GhostRace: Speculative Race Conditions [XSA-453, CVE-2024-2193]
Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service [fedora-all]
Update to 123.0.6312.58 * High CVE-2024-2625: Object lifecycle issue in V8 * Medium CVE-2024-2626: Out of bounds read in Swiftshader * Medium CVE-2024-2627: Use after free in Canvas * Medium CVE-2024-2628: Inappropriate implementation in Downloads
Upgrade to 2.44.0: Make the DOM accessibility tree reachable from UI process with GTK4. Removed the X11 and WPE renderers in favor of DMA-BUF. Improved vblank synchronization when rendering. Removed key event reinjection in GTK4 to make keyboard shortcuts work in web
Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180
Updated to 124.0
Updated to 124.0
Add downstream fixes for CVE-2023-47995 and CVE-2023-47997.
Add downstream fixes for CVE-2023-47995 and CVE-2023-47997.
Update to shim-15.8
Update to shim-15.8
Security fix for CVE-2007-4559.
New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
upstream security release 122.0.6261.128 High CVE-2024-2400: Use after free in Performance Manager
Security fix for CVE-2007-4559.
Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954 aureceiver: fix mtx_unlock on discard
Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954 aureceiver: fix mtx_unlock on discard
python-multipart 0.0.7 (2024-02-03) Refactor header option parser to use the standard library instead of a custom RegEx #75. Fixes a denial of service vulnerability, GHSA-qf9m-vfgh-m389, initially reported in FastAPI but applicable to other libraries and applications.
Update to 115.8.1 https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ read that if you have mails with encrypted email subjects https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
The 6.7.9 stable kernel update contains a number of important fixes across the tree.
Update to git f1da555, fixes CVE-2024-27507.