Aggregator

Version:6.8.4 (stable) Released:2024-04-04 Source:linux-6.8.4.tar.xz PGP Signature:linux-6.8.4.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.8.4

Version:6.6.25 (longterm) Released:2024-04-04 Source:linux-6.6.25.tar.xz PGP Signature:linux-6.6.25.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.25

It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082) It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2024-31083)

FEDORA-EPEL-2024-a224e708a6 Packages in this update:

• rust-h2-0.3.26-1.el9

Update description:

Update to version 0.3.26. Addresses RUSTSEC-2024-0332.

FEDORA-2024-c5b42e6462 Packages in this update:

• rust-h2-0.3.26-1.fc38

Update description:

Update to version 0.3.26. Addresses RUSTSEC-2024-0332.

FEDORA-2024-638f25a317 Packages in this update:

• rust-h2-0.3.26-1.fc39

Update description:

Update to version 0.3.26. Addresses RUSTSEC-2024-0332.

FEDORA-2024-f99ee6bf95 Packages in this update:

• rust-h2-0.3.26-1.fc40

Update description:

Update to version 0.3.26. Addresses RUSTSEC-2024-0332.

FEDORA-EPEL-2024-866ac60917 Packages in this update:

• nghttp2-1.33.0-1.3.el7

Update description:

• fix CONTINUATION frames DoS (CVE-2024-28182)

FEDORA-2024-ec22e51ec2 Packages in this update:

• nghttp2-1.52.0-3.fc38

Update description:

• fix CONTINUATION frames DoS (CVE-2024-28182)

FEDORA-2024-a09456b7a9 Packages in this update:

• curl-8.6.0-8.fc40

Update description:

• fix Usage of disabled protocol (CVE-2024-2004)
• fix HTTP/2 push headers memory-leak (CVE-2024-2398)

FEDORA-2024-a00de83de9 Packages in this update:

• nghttp2-1.55.1-5.fc39

Update description:

• fix CONTINUATION frames DoS (CVE-2024-28182)

FEDORA-2024-da8cdd8414 Packages in this update:

• nghttp2-1.59.0-3.fc40

Update description:

• fix CONTINUATION frames DoS (CVE-2024-28182)

FEDORA-2024-f92626814d Packages in this update:

• chromium-123.0.6312.105-1.fc40

Update description:

update to 123.0.6312.105

• High CVE-2024-3156: Inappropriate implementation in V8
• High CVE-2024-3158: Use after free in Bookmarks
• High CVE-2024-3159: Out of bounds memory access in V8

FEDORA-2024-dd905788c4 Packages in this update:

• xorg-x11-server-Xwayland-22.1.9-6.fc38

Update description:

CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083

Version:next-20240404 (linux-next) Released:2024-04-04

FEDORA-2024-7dd4b3b9a4 Packages in this update:

• kernel-6.8.3-200.fc39
• kernel-headers-6.8.3-200.fc39

Update description:

The 6.8.3 stable kernel rebase contains improved hardware support, new features, and a number of important fixes across the tree.

USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. (CVE-2024-29943) Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code. (CVE-2024-29944)

FEDORA-2024-a1d440af5c Packages in this update:

• xorg-x11-server-Xwayland-23.2.5-1.fc39

Update description:

CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083

FEDORA-2024-d0acf8d109 Packages in this update:

• trafficserver-9.2.4-1.fc38

Update description:

Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)