next-20241119: linux-next
Version:next-20241119 (linux-next)
Released:2024-11-19
Aggregator
python-aiohttp-3.9.5-2.fc40
FEDORA-2024-04ceb82dc7
Packages in this update:
- python-aiohttp-3.9.5-2.fc40
Security fix for CVE-2024-52304
DSA-5815-1 needrestart - security update
DSA-5816-1 libmodule-scandeps-perl - security update
python-aiohttp-3.10.5-3.fc41
FEDORA-2024-49df7093ac
Packages in this update:
- python-aiohttp-3.10.5-3.fc41
Security fix for CVE-2024-52304
libsndfile-1.2.2-5.fc41
FEDORA-2024-1318318e7a
Packages in this update:
- libsndfile-1.2.2-5.fc41
fix crash in in ogg vorbis (#2322326) (CVE-2024-50612)
libsndfile-1.2.2-5.fc42
FEDORA-2024-bb1826234a
Packages in this update:
- libsndfile-1.2.2-5.fc42
Automatic update for libsndfile-1.2.2-5.fc42.
Changelog * Mon Nov 18 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.2.2-5 - fix crash in in ogg vorbis (rhbz#2322326) (CVE-2024-50612)libsndfile-1.2.2-4.fc40
FEDORA-2024-3ae3a47901
Packages in this update:
- libsndfile-1.2.2-4.fc40
- fix crash in in ogg vorbis (rhbz#2322326) (CVE-2024-50612)
USN-7114-1: GLib vulnerability
It was discovered that Glib incorrectly handled certain trailing
characters. An attacker could possibly use this issue to cause
a crash or other undefined behavior.
USN-7104-1: curl vulnerability
It was discovered that curl could overwrite the HSTS expiry of the parent
domain with the subdomain's HSTS entry. This could lead to curl switching
back to insecure HTTP earlier than otherwise intended, resulting in
information exposure.
USN-7113-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
mingw-python3-3.11.10-2.fc41
FEDORA-2024-e6b1e638d1
Packages in this update:
- mingw-python3-3.11.10-2.fc41
Backport fix for CVE-2024-9287
Update to python-3.11.0.
mingw-python3-3.11.10-2.fc40
FEDORA-2024-d7e2d109e2
Packages in this update:
- mingw-python3-3.11.10-2.fc40
Backport fix for CVE-2024-9287
Update to python-3.11.0.
mingw-libsoup-2.74.3-8.fc40
FEDORA-2024-8c3476dd24
Packages in this update:
- mingw-libsoup-2.74.3-8.fc40
Backport fixes for CVE-2024-52530 and CVE-2024-52532.
mingw-libsoup-2.74.3-8.fc41
FEDORA-2024-af077c1f85
Packages in this update:
- mingw-libsoup-2.74.3-8.fc41
Backport fixes for CVE-2024-52530 and CVE-2024-52532.
mingw-glib2-2.82.2-1.fc40
FEDORA-2024-1e29ad7d25
Packages in this update:
- mingw-glib2-2.82.2-1.fc40
Update to 2.82.2, fixes CVE-2024-52533.
mingw-glib2-2.82.2-1.fc41
FEDORA-2024-67869f1cb3
Packages in this update:
- mingw-glib2-2.82.2-1.fc41
Update to 2.82.2, fixes CVE-2024-52533.
next-20241118: linux-next
Version:next-20241118 (linux-next)
Released:2024-11-18
USN-7108-1: AsyncSSH vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the extension info message. An attacker able to
intercept communications could possibly use this issue to downgrade
the algorithm used for client authentication. (CVE-2023-46445)
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the user authentication request message. An
attacker could possibly use this issue to control the remote end of an SSH
client session via packet injection/removal and shell emulation.
(CVE-2023-46446)
cobbler3.2-3.2.3-2.el8
FEDORA-EPEL-2024-375a09fd04
Packages in this update:
- cobbler3.2-3.2.3-2.el8
Update to 3.2.3 - CVE-2024-47533