Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing
Posts Tagged Fedora Linux Distribution – Security Advisories
Update Fedora 32 to the final release version of 8u242 (https://bitly.com/oj8u242), bringing in the last security updates, in line with packages already in Fedora 30 & 31 This also resolves RHBZ#1813550 which was seen with the previous attempt at this update.
Security fix for CVE-2020-9359
Update to 80.0.3987.149. Upstream says it fixes “13” security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio
Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by default except on NVIDIA. List of CVEs fixed (since last update): * CVE-2019-20446 * CVE-2020-6381 * CVE-2020-6382 * CVE-2020-6383 * CVE-2020-6384 * CVE-2020-6385 * CVE-2020-6386 * CVE-2020-6387 * CVE-2020-6388 * CVE-2020-6389 * CVE-2020-6390 * CVE-2020-6391 * CVE-2020-6392 *
Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing
Automatic update for libarchive-3.4.2-1.fc32.
Update to NetHack 3.6.6
Update to NetHack 3.6.6
Update to NetHack 3.6.6
Security and performance fixes.
**Horde_Form 2.0.20** * [mjr] SECURITY: Prevent ability to specify temporary filename (CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative).
**Horde_Form 2.0.20** * [mjr] SECURITY: Prevent ability to specify temporary filename (CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative).
Update to 2.9.6 bugfix release and 2 CVE fixes: CVE-2020-1737, CVE-2020-1739
https://lists.wikimedia.org/pipermail/mediawiki- announce/2019-December/000243.html
https://lists.wikimedia.org/pipermail/mediawiki- announce/2019-December/000243.html
CouchDB 3.0.0
– update to latest development version 1.9.0b1 – added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823 – Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945 – fixes: CVE-2019-18634 – By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709 –
Release 6.6.4p1 (2020-02-24) — – An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) — – Following the 6.6.2p1 release, various improvements were
Update to latest upstream version
Release 6.6.4p1 (2020-02-24) — – An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) — – Following the 6.6.2p1 release, various improvements were
The 5.5.7 stable kernel update contains a number of important fixes across the tree.
The 5.5.7 stable kernel update contains a number of important fixes across the tree.
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
The 5.5.6 stable kernel update contains a number of important fixes across the tree.
This update backports a patch for CVE-2020-8112.
**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*’ not supported). (Nikita) * Fixed bug #php#79146 (cscript can fail to run on some systems). (clarodeus) * Fixed bug php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin) * Fixed bug php#76047 (Use-after-free when accessing already destructed backtrace
Rebase to version 0.9.62
This update, to the current upstream stable release version, is a cumulative bug-fix release including a security fix for a use-after-free vulnerability (CVE-2020-9273): successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.