
The 5.6.13 stable kernel update contains a number of important fixes across the tree. The 5.6.12 stable update contains a number of important fixes across the tree.

Latest upstream.

This package fixes a security issue that allowed for _method query parameters to be used with GET requests. The fix is backported from Mojolicious v8.42.

Update to OpenJDK 8u252 (April Critical Patch Update)
– JDK-8223898, CVE-2020-2754: Forward references to Nashorn
– JDK-8223904, CVE-2020-2755: Improve Nashorn matching
– JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
– JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
– JDK-8225603: Enhancement for big integers
– JDK-8227542: Manifest improved jar headers
–

Update to latest upstream 8.8.8

8u252 update

Version update + security fix

Fix for CVE-2020-5283.

ViewVC 1.1.28 ChangeLog
– security fix: escape subdir lastmod file name (#211)
– fix standalone.py first request failure (#195)

ViewVC 1.1.27 ChangeLog:
– suppress stack traces (with option to show) (#140)
– distinguish text/binary/image files by icons (#166, #175)
– colorize alternating file content lines (#167)
– link to the instance root from the

The 5.6.12 stable update contains a number of important fixes across the tree.

Last Upstream release, including (among others):
– (security) Prevent execution of SQL injection while assigning a technician,
– (security) Permit to change key used to store passwords,
– (security) Improve CSRF token,
– (security) Fix several possible XSS,
– (security) Fix a few possible SQL injections,
– Fix SCSS caching issues,
– Fix inline images handling on item update,
– Fix PHP 7.4

This update includes a security fix for CVE-2020-10737. Additionally:

From 0.34.6:
– update license on src/buffer.h
– changes “/var/run” to “/run” in systemd service file (Orion Poplawski, #1834511)

From 0.34.5:
– apply patch from Matthias Gerstner of the SUSE security team to fix a possible race condition in the mkhomedir helper (noted above, this fixes CVE-2020-10737)
–

Update to 2.53.2. If you previously had the Lightning and/or Chatzilla extensions disabled, they are enabled after the update. Disable them again if needed (in about:addons), or remove them completely (which can improve startup time).

Update to 4.11.4
– multiple xenoprof issues [XSA-313, CVE-2020-11740, CVE-2020-11741] (#1823912, #1823914)
– Missing memory barriers in read-write unlock paths [XSA-314, CVE-2020-11739] (#1823784)
– Bad error path in GNTTABOP_map_grant [XSA-316, CVE-2020-11743] (#1823926)
– Bad continuation handling in GNTTABOP_copy [XSA-318, CVE-2020-11742] (#1823943)

**MySQL 8.0.20**

Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html

CVEs fixed: CVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893

Are you ready, kids? I said, are you ready? Whoooooo has another update for you to see? Google Chromium! For browsing and tweeting (but not FTP) Google Chromium! If improved security be something you wish Google Chromium! Then run dnf while you flop like a fish! Google Chromium! Google Chromium! Google Chromium! Google Chromium! Ahem. Sorry*. This update fixes the following

– Release 0.24.1

**Version 1.4.4**

This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well as a number of general improvements from our issue tracker.
– Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
– Fix identity selection on reply when both sender and

https://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html

A security flaw was found in rubygem-json prior to 2.3.0 and has been assigned CVE-2020-10663. This new rpm contains backported fixes for this issue.

Another day, another chromium update. This one fixes: CVE-2020-6458 CVE-2020-6459 CVE-2020-6460

Fix dependency issue introduced when switching from a “shared” build to a “static” build.

A new major version of Chromium without any security bugs! Just kidding. Here’s the CVE list: CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This is why the severity is rated
