Aggregator

FEDORA-FLATPAK-2024-263720b59d Packages in this update:

• foliate-flatpak-3.1.0-2

Update description:

Update espeak-ng for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994

FEDORA-EPEL-2024-7a1c939a17 Packages in this update:

• editorconfig-0.12.7-1.el8

Update description:

Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack buffer overflows.

FEDORA-EPEL-2024-3412a9098b Packages in this update:

• editorconfig-0.12.7-1.el9

Update description:

Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack buffer overflows.

FEDORA-2024-0f08e59f25 Packages in this update:

• editorconfig-0.12.7-1.fc38

Update description:

Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack buffer overflows.

FEDORA-2024-deddae25dd Packages in this update:

• editorconfig-0.12.7-1.fc39

Update description:

Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack buffer overflows.

FEDORA-2024-86d287b270 Packages in this update:

• editorconfig-0.12.7-1.fc40

Update description:

Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack buffer overflows.

FEDORA-2024-77fd3b2f2a Packages in this update:

• tigervnc-1.13.1-13.fc39
• xorg-x11-server-1.20.14-34.fc39

Update description:

CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083

FEDORA-2024-7985b5f326 Packages in this update:

• emacs-29.3-2.fc40

Update description:

Obsolete the newer emacs-nox now in F39, fixing system upgrades

New upstream release 29.3, fixes rhbz#2271287

FEDORA-2024-39b249a59c Packages in this update:

• chromium-123.0.6312.105-1.fc39

Update description:

update to 123.0.6312.105

* High CVE-2024-3156: Inappropriate implementation in V8 * High CVE-2024-3158: Use after free in Bookmarks * High CVE-2024-3159: Out of bounds memory access in V8

FEDORA-2024-5e32ce95a3 Packages in this update:

• chromium-123.0.6312.105-1.fc38

Update description:

update to 123.0.6312.105

* High CVE-2024-3156: Inappropriate implementation in V8 * High CVE-2024-3158: Use after free in Bookmarks * High CVE-2024-3159: Out of bounds memory access in V8

FEDORA-2024-f98bdff610 Packages in this update:

• jose-13-1.fc38

Update description:

Security fix for CVE-2023-50967

FEDORA-2024-a94b67a7b2 Packages in this update:

• jose-13-1.fc39

Update description:

Security fix for CVE-2023-50967

FEDORA-2024-2cface5aba Packages in this update:

• jose-13-1.fc40

Update description:

Security fix for CVE-2023-50967

Version:6.8.3 (stable) Released:2024-04-03 Source:linux-6.8.3.tar.xz PGP Signature:linux-6.8.3.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.8.3

Version:6.6.24 (longterm) Released:2024-04-03 Source:linux-6.6.24.tar.xz PGP Signature:linux-6.6.24.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.24

Version:6.1.84 (longterm) Released:2024-04-03 Source:linux-6.1.84.tar.xz PGP Signature:linux-6.1.84.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.84

Version:6.7.12 (EOL) (stable) Released:2024-04-03 Source:linux-6.7.12.tar.xz PGP Signature:linux-6.7.12.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.7.12

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-1872) Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory).(CVE-2023-4569) It was discovered that the TLS subsystem in the Linux kernel did not properly perform cryptographic operations in some situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6176) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-51781) Jann Horn discovered that the TLS subsystem in the Linux kernel did not properly handle spliced messages, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0646) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)

FEDORA-EPEL-2024-d9102d9191 Packages in this update:

• clojure-1.8.0-3.el7

Update description:

Security fix for CVE-2024-22871