Fix CVE-2018-19655
Comment
Posts Tagged Fedora Linux Distribution – Security Advisories
2744 results.
Fix CVE-2018-19655
* New upstream release 5.3.1 (rhbz#1814882) * Fixes CVE-2020-1747 (rhbz#1807367,1809011)
The 5.5.11 stable kernel update contains a number of important fixes across the tree.
Security and performance fixes.
**PHP version 7.3.16** (19 Mar 2020) **Core:** * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **DOM:** * Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb) * Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb) **Enchant:** * Fixed bug php#79311 (enchant_dict_suggest() fails on big
**PHP version 7.3.16** (19 Mar 2020) **Core:** * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **DOM:** * Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb) * Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb) **Enchant:** * Fixed bug php#79311 (enchant_dict_suggest() fails on big
**PHP version 7.4.4** (19 Mar 2020) **Core:** * Fixed bug php#79329 (get_headers() silently truncates after a null byte) (**CVE-2020-7066**) (cmb) * Fixed bug php#79244 (php crashes during parsing INI file). (Laruence) * Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer) **CURL:** * Fixed bug php#79019 (Copied cURL handles upload
Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing
Update Fedora 32 to the final release version of 8u242 (https://bitly.com/oj8u242), bringing in the last security updates, in line with packages already in Fedora 30 & 31 This also resolves RHBZ#1813550 which was seen with the previous attempt at this update.
Security fix for CVE-2020-9359
Update to 80.0.3987.149. Upstream says it fixes “13” security issues, but only lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use after free in media * CVE-2020-6425: Insufficient policy enforcement in extensions. * CVE-2020-6426: Inappropriate implementation in V8 * CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio
Update to 80.0.3987.132. Lots of security fixes here. VAAPI re-enabled by default except on NVIDIA. List of CVEs fixed (since last update): * CVE-2019-20446 * CVE-2020-6381 * CVE-2020-6382 * CVE-2020-6383 * CVE-2020-6384 * CVE-2020-6385 * CVE-2020-6386 * CVE-2020-6387 * CVE-2020-6388 * CVE-2020-6389 * CVE-2020-6390 * CVE-2020-6391 * CVE-2020-6392 *
Update to WebKitGTK 2.28.0. * Add API to enable Process Swap on (Cross-site) Navigation. * Add user messages API for the communication with the web extension. * Add support for same-site cookies. * Service workers are enabled by default. * Add support for Pointer Lock API. * Add flatpak sandbox support. * Make ondemand hardware acceleration policy never leave accelerated compositing
Automatic update for libarchive-3.4.2-1.fc32.
Update to NetHack 3.6.6
Update to NetHack 3.6.6
Update to NetHack 3.6.6
Security and performance fixes.
**Horde_Form 2.0.20** * [mjr] SECURITY: Prevent ability to specify temporary filename (CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative).
**Horde_Form 2.0.20** * [mjr] SECURITY: Prevent ability to specify temporary filename (CVE-2020-8866, Reported By: Andrea Cardaci working with Trend Micro Zero Day Initiative).
Update to 2.9.6 bugfix release and 2 CVE fixes: CVE-2020-1737, CVE-2020-1739
https://lists.wikimedia.org/pipermail/mediawiki- announce/2019-December/000243.html
https://lists.wikimedia.org/pipermail/mediawiki- announce/2019-December/000243.html
CouchDB 3.0.0
– update to latest development version 1.9.0b1 – added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823 – Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945 – fixes: CVE-2019-18634 – By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709 –
Release 6.6.4p1 (2020-02-24) — – An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) — – Following the 6.6.2p1 release, various improvements were
Update to latest upstream version
Release 6.6.4p1 (2020-02-24) — – An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. Release 6.6.3p1 (2020-02-10) — – Following the 6.6.2p1 release, various improvements were
The 5.5.7 stable kernel update contains a number of important fixes across the tree.