Mitigate CVE-2024-0690
Posts Tagged Fedora Linux Distribution – Security Advisories
Backport fix for CVE-2023-51257.
Security fix for CVE-2023-39325
update to 120.0.6099.224 – High CVE-2024-0517: Out of bounds write in V8 – High CVE-2024-0518: Type Confusion in V8 – High CVE-2024-0519: Out of bounds memory access in V8
Cumulative bug-fix update. This update includes fixes for multiple security issues found by Talos in which specially crafted input files could lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.
update to v0.14.0, address CVE-2023-39325
Update to 6.0.25
Update to 6.0.25
Update to 1.4.16. Fixes CVE-2023-6277 (in bundled libtiff).
Backport fix for CVE-2023-49438.
Update to 1.4.16. Fixes CVE-2023-6277 (in bundled libtiff).
update to 120.0.6099.216 – High CVE-2024-0333: Insufficient data validation in Extensions
Forbid shell metasymbols in username/hostname Resolve Terrapin attack Apply destination constraints to all PKCS#11 keys
Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51).
CVE fix for: CVE-2023-6377, CVE-2023-6478
CVE fix for: CVE-2023-6377, CVE-2023-6478
Terrapin fix
Fix regression in IPv6 hosntames parsing —- New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)
Automatic update for podman-4.8.3-1.fc39. ##### **Changelog for podman** “` * Wed Jan 03 2024 Packit
Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability).
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1
Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51).
Security fix for CVE-2023-49081, CVE-2023-49082. Update `python-aiohttp` to 3.9.1. Patch `python-pysqeezebox` and `python-wled` so they do not have an implicit dependency on `python-async-timeout` via `python-aiohttp`. https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0 https://github.com/aio- libs/aiohttp/releases/tag/v3.9.1
update to 120.0.6099.199 – CVE-2023-6879 aom: heap-buffer-overflow on frame size change – CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz – CVE-2024-0222: Use after free in ANGLE – CVE-2024-0223: Heap buffer overflow in ANGLE – CVE-2024-0224: Use after free in WebAudio – CVE-2024-0225: Use after free in WebGPU
update to 120.0.6099.199 – CVE-2023-6879 aom: heap-buffer-overflow on frame size change – CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz – CVE-2024-0222: Use after free in ANGLE – CVE-2024-0223: Heap buffer overflow in ANGLE – CVE-2024-0224: Use after free in WebAudio – CVE-2024-0225: Use after free in WebGPU
– Update to 22.05.11 – Closes CVE-2023-49933 through CVE-2023-49938
– Update to 22.05.11 – Closes CVE-2023-49933 through CVE-2023-49938
Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536
Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536
Security fix for CVE-2023-48795 (Terrapin SSH protocol attack), affecting mod_sftp.