Aggregator

FEDORA-2024-292aa2c246 Packages in this update:

• chromium-131.0.6778.85-1.fc40

Update description:

Update to 131.0.6778.85

* High CVE-2024-11395: Type Confusion in V8 * High CVE-2024-11110: Inappropriate implementation in Blink * Medium CVE-2024-11111: Inappropriate implementation in Autofill * Medium CVE-2024-11112: Use after free in Media * Medium CVE-2024-11113: Use after free in Accessibility * Medium CVE-2024-11114: Inappropriate implementation in Views * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation * Medium CVE-2024-11116: Inappropriate implementation in Paint * Low CVE-2024-11117: Inappropriate implementation in FileSystem

FEDORA-EPEL-2024-7a7d342b23 Packages in this update:

• chromium-131.0.6778.85-1.el9

Update description:

Update to 131.0.6778.85

* High CVE-2024-11395: Type Confusion in V8 * High CVE-2024-11110: Inappropriate implementation in Blink * Medium CVE-2024-11111: Inappropriate implementation in Autofill * Medium CVE-2024-11112: Use after free in Media * Medium CVE-2024-11113: Use after free in Accessibility * Medium CVE-2024-11114: Inappropriate implementation in Views * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation * Medium CVE-2024-11116: Inappropriate implementation in Paint * Low CVE-2024-11117: Inappropriate implementation in FileSystem

FEDORA-EPEL-2024-63b3a88151 Packages in this update:

• chromium-131.0.6778.85-1.el10_0

Update description:

Update to 131.0.6778.85

* High CVE-2024-11395: Type Confusion in V8 * High CVE-2024-11110: Inappropriate implementation in Blink * Medium CVE-2024-11111: Inappropriate implementation in Autofill * Medium CVE-2024-11112: Use after free in Media * Medium CVE-2024-11113: Use after free in Accessibility * Medium CVE-2024-11114: Inappropriate implementation in Views * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation * Medium CVE-2024-11116: Inappropriate implementation in Paint * Low CVE-2024-11117: Inappropriate implementation in FileSystem

FEDORA-2024-582d2a7648 Packages in this update:

• chromium-131.0.6778.85-1.fc41

Update description:

Update to 131.0.6778.85

* High CVE-2024-11395: Type Confusion in V8 * High CVE-2024-11110: Inappropriate implementation in Blink * Medium CVE-2024-11111: Inappropriate implementation in Autofill * Medium CVE-2024-11112: Use after free in Media * Medium CVE-2024-11113: Use after free in Accessibility * Medium CVE-2024-11114: Inappropriate implementation in Views * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation * Medium CVE-2024-11116: Inappropriate implementation in Paint * Low CVE-2024-11117: Inappropriate implementation in FileSystem

FEDORA-2024-ecfbcfce86 Packages in this update:

• chromium-131.0.6778.85-1.fc39

Update description:

Update to 131.0.6778.85

* High CVE-2024-11395: Type Confusion in V8 * High CVE-2024-11110: Inappropriate implementation in Blink * Medium CVE-2024-11111: Inappropriate implementation in Autofill * Medium CVE-2024-11112: Use after free in Media * Medium CVE-2024-11113: Use after free in Accessibility * Medium CVE-2024-11114: Inappropriate implementation in Views * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation * Medium CVE-2024-11116: Inappropriate implementation in Paint * Low CVE-2024-11117: Inappropriate implementation in FileSystem

FEDORA-2024-0b563ad294 Packages in this update:

• wireshark-4.2.9-1.fc40

Update description:

New version 4.2.9

FEDORA-2024-f9f740bc60 Packages in this update:

• wireshark-4.4.2-1.fc41

Update description:

New version 4.4.2

Version:next-20241122 (linux-next) Released:2024-11-22

USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043) It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-6232) It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. (CVE-2024-6923) It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-7592) It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service. (CVE-2024-8088)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; (CVE-2024-46800, CVE-2024-43882)

It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. (CVE-2023-40889) It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-40890)

Version:next-20241121 (linux-next) Released:2024-11-21

USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123) It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. (CVE-2024-41946) It was discovered that Ruby incorrectly handled parsing of an XML document that has many digits in a hex numeric character reference. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. (CVE-2024-49761)

FEDORA-EPEL-2024-3672733748 Packages in this update:

• rust-rustls-0.23.17-1.el9
• rust-zlib-rs-0.4.0-1.el9

Update description:

• Update the rustls crate to version 0.23.17.
• Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

FEDORA-EPEL-2024-21e104619e Packages in this update:

• rust-rustls-0.23.17-1.el10_0
• rust-zlib-rs-0.4.0-1.el10_0

Update description:

• Update the rustls crate to version 0.23.17.
• Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

FEDORA-2024-632b468c59 Packages in this update:

• rust-rustls-0.23.17-1.fc40
• rust-zlib-rs-0.4.0-1.fc40

Update description:

• Update the rustls crate to version 0.23.17.
• Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

FEDORA-2024-41e6e2fc74 Packages in this update:

• rust-rustls-0.23.17-1.fc41
• rust-zlib-rs-0.4.0-1.fc41

Update description:

• Update the rustls crate to version 0.23.17.
• Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

FEDORA-2024-6bcc5bbd5f Packages in this update:

• rust-rustls-0.23.17-1.fc42
• rust-zlib-rs-0.4.0-1.fc42

Update description:

• Update the rustls crate to version 0.23.17.
• Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; (CVE-2024-46800, CVE-2024-43882)