Aggregator

python-django3-3.2.25-1.el9

1 week 1 day ago
FEDORA-EPEL-2024-76d6941f10 Packages in this update:
  • python-django3-3.2.25-1.el9
Update description:

Security fixes for

  • CVE-2024-27351 Potential regular expression DOS in django.utils.text.Truncator.words()
  • CVE-2023-41164 Potential DOS vulnerability in django.utils.encoding.uri_to_iri()

kernel-6.8.5-101.fc38

1 week 1 day ago
FEDORA-2024-a56a47ef1b Packages in this update:
  • kernel-6.8.5-101.fc38
Update description:

The 6.8.5 stable kernel update contains a number of important fixes across the tree.

kernel-6.8.5-201.fc39

1 week 1 day ago
FEDORA-2024-33a9ea72d1 Packages in this update:
  • kernel-6.8.5-201.fc39
Update description:

The 6.8.5 stable kernel update contains a number of important fixes across the tree.

kernel-6.8.5-301.fc40

1 week 1 day ago
FEDORA-2024-6d35739db7 Packages in this update:
  • kernel-6.8.5-301.fc40
Update description:

The 6.8.5 stable kernel update contains a number of important fixes across the tree.

xen-4.17.4-1.fc38

1 week 1 day ago
FEDORA-2024-a676697123 Packages in this update:
  • xen-4.17.4-1.fc38
Update description:

  • x86: Native Branch History Injection [XSA-456, CVE-2024-2201]
  • update to xen 4.17.4, remove patches now included upstream
  • rebase xen.gcc12.fixes.patch
  • x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]
  • x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]

USN-6728-1: Squid vulnerabilities

1 week 1 day ago
Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)

Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-5824)

Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2024-23638)

Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. (CVE-2024-25111)

Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2024-25617)

google-guest-agent-20240314.00-4.fc41

1 week 2 days ago
FEDORA-2024-74c4c65ff6 Packages in this update:
  • google-guest-agent-20240314.00-4.fc41
Update description:

Automatic update for google-guest-agent-20240314.00-4.fc41.

Changelog

  • Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-4 - Skip events test
  • Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-3 - Fix typo in License filename
  • Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-2 - Sync packit config with other GCP pkgs
  • Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-1 - Update to 20240314.00 rhbz#2274184
  • Wed Apr 10 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-8 - Unretirement Releng Request: https://pagure.io/releng/issue/12057
  • Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 20230726.00-7 - Rebuild for golang 1.22.0
  • Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
  • Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
  • Wed Sep 6 2023 Major Hayden <major@redhat.com> - 20230726.00-4 - PRs to rawhide only
  • Fri Jul 28 2023 Major Hayden <major@redhat.com> - 20230726.00-3 - Fix typo on ppc64le
  • Fri Jul 28 2023 Major Hayden <major@redhat.com> - 20230726.00-2 - Disable ppc64/s390x arches
  • Fri Jul 28 2023 Packit <hello@packit.dev> - 20230726.00-1 - [packit] 20230726.00 upstream release
  • Tue Jul 25 2023 Major Hayden <major@redhat.com> - 20230725.00-2 - Disable koji auto build with packit
  • Tue Jul 25 2023 Packit <hello@packit.dev> - 20230725.00-1 - [packit] 20230725.00 upstream release
  • Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20230711.00-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
  • Wed Jul 12 2023 Major Hayden <major@redhat.com> - 20230711.00-1 - Update to 20230711.00 rhbz#2222161
  • Wed Jul 12 2023 Major Hayden <major@redhat.com> - 20230707.00-2 - Add packit config 🤖
  • Tue Jul 11 2023 Major Hayden <major@redhat.com> - 20230707.00-1 - Update to 20230707.00 rhbz#2221432
  • Mon Jul 3 2023 Major Hayden <major@redhat.com> - 20230628.00-1 - Update to 20230628.00 rhbz#2218708
  • Wed Jun 28 2023 Major Hayden <major@redhat.com> - 20230626.00-1 - Update to 20230626.00 rhbz#2218220
  • Mon Jun 12 2023 Major Hayden <major@redhat.com> - 20230601.00-1 - Update to 20230601.00 rhbz#2211674
  • Thu May 18 2023 Major Hayden <major@redhat.com> - 20230517.00-1 - Update to 20230517.00 rhbz#2208103
  • Mon May 15 2023 Major Hayden <major@redhat.com> - 20230510.00-1 - Update to 20230510.00 rhbz#2198979
  • Mon May 1 2023 Major Hayden <major@redhat.com> - 20230426.00-1 - Update to 20230426.00 rhbz#2190065
  • Thu Apr 6 2023 Major Hayden <major@redhat.com> - 20230403.00-1 - Update to 20230403.00 rhbz#2183053
  • Tue Mar 28 2023 Major Hayden <major@redhat.com> - 20230221.00-2 - Bump revision for rebuild rhbz#2178465
  • Tue Feb 28 2023 Major Hayden <major@redhat.com> - 20230221.00-1 - Update to 20230221.00 rhbz#2172749
  • Wed Feb 22 2023 Major Hayden <major@redhat.com> - 20230207.00-2 - Set SPDX license
  • Mon Feb 13 2023 Major Hayden <major@redhat.com> - 20230207.00-1 - Update to 20230207.00 rhbz#2160637
  • Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20221109.00-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
  • Mon Nov 14 2022 Major Hayden <major@redhat.com> - 20221109.00-1 - Update to 20221109.00 rhbz#2140412
  • Wed Oct 26 2022 Major Hayden <major@redhat.com> - 20221025.00-1 - Update to 20221025.00 rhbz#2136314
  • Wed Oct 12 2022 Major Hayden <major@redhat.com> - 20220927.00-1 - Update to 20220927.00 rhbz#2130931
  • Thu Aug 25 2022 Major Hayden <major@redhat.com> - 20220824.00-1 - Update to 20220824.00 rhbz#2120895
  • Thu Aug 18 2022 Major Hayden <major@redhat.com> - 20220816.01-1 - Update to 20220816.01 rhbz#2119456
  • Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20201217.02-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
  • Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 20201217.02-5 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
  • Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> - 20201217.02-4 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629

perl-Clipboard-0.29-1.el8

1 week 2 days ago
FEDORA-EPEL-2024-f060b59d26 Packages in this update:
  • perl-Clipboard-0.29-1.el8
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.el7

1 week 2 days ago
FEDORA-EPEL-2024-a8b1cd8e52 Packages in this update:
  • perl-Clipboard-0.29-1.el7
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.el9

1 week 2 days ago
FEDORA-EPEL-2024-6ebc36e81d Packages in this update:
  • perl-Clipboard-0.29-1.el9
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.fc39

1 week 2 days ago
FEDORA-2024-43a0920f12 Packages in this update:
  • perl-Clipboard-0.29-1.fc39
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.fc40

1 week 2 days ago
FEDORA-2024-2843f37353 Packages in this update:
  • perl-Clipboard-0.29-1.fc40
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.fc41

1 week 2 days ago
FEDORA-2024-966c267928 Packages in this update:
  • perl-Clipboard-0.29-1.fc41
Update description:

Automatic update for perl-Clipboard-0.29-1.fc41.

Changelog

  • Wed Apr 10 2024 Xavier Bachelot <xavier@bachelot.org> - 0.29-1 - Update to 0.29 (RHBZ#2273832) - Fixes RHBZ#2257224 and RHBZ#2257225 - Convert License: to SPDX

USN-6727-1: NSS vulnerabilities

1 week 2 days ago
It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. (CVE-2023-4421)

It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. (CVE-2023-5388)

It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. (CVE-2023-6135)

The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

wordpress-6.5.2-1.fc39

1 week 2 days ago
FEDORA-2024-8ffb095abb Packages in this update:
  • wordpress-6.5.2-1.fc39
Update description:

Upstream announcement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

  • A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”

wordpress-6.5.2-1.fc40

1 week 2 days ago
FEDORA-2024-e6d3143991 Packages in this update:
  • wordpress-6.5.2-1.fc40
Update description:

Upstream announcement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

  • A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”