The 6.4.13 stable kernel updates contain a number of important fixes across the tree.
Comment
Posts Tagged Fedora Linux Distribution – Security Advisories
2746 results.
The 6.4.13 stable kernel updates contain a number of important fixes across the tree.
https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/H46H5ZYZG2PYUQ5STK7NWKF7GXYW7H6B/
– New upstream version (117.0)
Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 (denial- of-service via crafted certificate chains).
– New upstream version (117.0)
Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079
2.0.17 Broker: * Fix `max_queued_messages 0` stopping clients from receiving messages * Fix `max_inflight_messages` not being set correctly. Apps: * Fix `mosquitto_passwd -U` backup file creation. 2.0.16 Security: * CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC
Backport fix for CVE-2023-37369.
Backport fix for CVE-2023-37369.
– Update moby-engine to 24.0.5 – Security fix for CVE-2021-41803 – Security fix for CVE-2023-28842 – Security fix for CVE-2023-28841 – Security fix for CVE-2023-28840 – Security fix for CVE-2023-0845 – Security fix for CVE-2023-26054 – Security fix for CVE-2022-3064 – Security fix for CVE-2022-40716 – Security fix for CVE-2023-25173 —- Update moby-engine to
Rebase to qemu 7.2.5
This update takes caddy from 2.5.2 to 2.6.4. The primary purpose is to resolve CVE-2022-41721. This is a fairly significant upgrade with lots of new features and fixes, but after reviewing the upstream release notes I believe it should comply with the Fedora updates policy. The upgrade warnings in the release notes are described as either backwards compatible, marking a directive as deprecated
update to 116.0.5845.96. Fixes following security issues: CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
update to xen-4.16.5 which includes x86/AMD: Speculative Return Stack Overflow [XSA-434, CVE-2023-20569] x86/Intel: Gather Data Sampling [XSA-435, CVE-2022-40982] remove patches now included upstream —- arm: Guests can trigger a deadlock on Cortex-A77 [XSA-436, CVE-2023-34320] (#2228238) —- bugfix for x86/AMD: Zenbleed [XSA-433, CVE-2023-20593] —- x86/AMD: Zenbleed
This update takes caddy from 2.5.2 to 2.6.4. The primary purpose is to resolve a long standing FTBFS related to golang 1.20. The current F38 package is actually a carried-foward F37 build because of that reason. It also resolves CVE-2022-41721. This is a fairly significant upgrade with lots of new features and fixes, but after reviewing the upstream release notes I believe it should
Update to latest upstream git snapshot. Various changes, including bug fix for cookie leak vulnerability.
Update to latest upstream git snapshot. Various changes, including bug fix for cookie leak vulnerability.
Update libqb for CVE-2023-39976
New firmware for AMD Zen CPUs to mitigate the AMD ‘Inception’ attack. Only needed for affected AMD users. —- Update to upstream 20230804 release: * Split out QCom Arm IP firmware * Merge Marvell libertas WiFi firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2012.1012 * Add URL for latest FW binaries for NXP BT chipsets * rtw89: 8851b: update firmware to v0.29.41.1 *
updated to security 17.0.8.0.7
Update to 0.2.28
CVE-2023-20197 ClamAV File Scanning Infinite Loop Denial of Service Vulnerability
Possible buffer overflow in ‘ps’ (CVE-2023-4016)
This release mainly focuses on the detection of the new Zenbleed (CVE-2023-20593) vulnerability, among few other changes that were in line waiting for a release: * feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593) * feat: add the linux-firmware repository as another source for CPU microcode versions * feat: arm: add Neoverse-N2, Neoverse-V1 and
This is the August 2023 update for .NET 6 and .NET 7. Release Notes: – 7.0 SDK: https://github.com/dotnet/core/blob/main/release- notes/7.0/7.0.10/7.0.110.md – 7.0 Runtime: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.10/7.0.10.md – 6.0 SDK: https://github.com/dotnet/core/blob/main/release-
Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712 addressing post-authentication denial of service attacks
update to 116.0.5845.96. Fixes following security issues: CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
This is the August 2023 update for .NET 6 and .NET 7. Release Notes: – 7.0 SDK: https://github.com/dotnet/core/blob/main/release- notes/7.0/7.0.10/7.0.110.md – 7.0 Runtime: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.10/7.0.10.md – 6.0 SDK: https://github.com/dotnet/core/blob/main/release-
respin of security cpu due to uninstallable sources subpkg —- updatet to july security update 382.b05