Aggregator

USN-6726-3: Linux kernel (Xilinx ZynqMP) vulnerabilities

1 week ago
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero-length data requests, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly sized memory locations. A local user could use this to cause a denial of service (system crash). (CVE-2024-0607)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Architecture specifics
  • Cryptographic API
  • Android drivers
  • EDAC drivers
  • GPU drivers
  • Media drivers
  • MTD block device drivers
  • Network drivers
  • NVME drivers
  • TTY drivers
  • Userspace I/O drivers
  • F2FS file system
  • GFS2 file system
  • IPv6 Networking
  • AppArmor security module

(CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443, CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597, CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469, CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454, CVE-2023-52436, CVE-2023-52438)

grub2-2.06-118.fc38

1 week ago
FEDORA-2024-01f402fae5

Packages in this update:
  • grub2-2.06-118.fc38
Update description:

Security fix for CVE-2023-4692

Security fix for CVE-2023-4693

Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-118

  • fs/xfs: Handle non-continuous data blocks in directory extents
  • Related: #2254370

Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-117

  • GRUB2 NTFS driver vulnerabilities
  • (CVE-2023-4692)
  • (CVE-2023-4693)
  • Resolves: #2236613
  • Resolves: #2241978
  • Resolves: #2241976
  • Resolves: #2238343

grub2-2.06-120.fc39

1 week ago
FEDORA-2024-d09797f550

Packages in this update:
  • grub2-2.06-120.fc39
Update description:

Security fix for CVE-2023-4692

Security fix for CVE-2023-4693

Fri Apr 12 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-120

  • fs/xfs: Handle non-continuous data blocks in directory extents
  • Related: #2254370

Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-119

  • GRUB2 NTFS driver vulnerabilities
  • (CVE-2023-4692)
  • (CVE-2023-4693)
  • Resolves: #2236613
  • Resolves: #2241978
  • Resolves: #2241976
  • Resolves: #2238343

grub2-2.06-121.fc40

1 week ago
FEDORA-2024-2b545d3085

Packages in this update:
  • grub2-2.06-121.fc40
Update description:

Security fix for CVE-2023-4692

Security fix for CVE-2023-4693

Fri Apr 12 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-121

  • fs/xfs: Handle non-continuous data blocks in directory extents
  • Related: #2254370

Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com - 2.06-120

  • GRUB2 NTFS driver vulnerabilities
  • (CVE-2023-4692)
  • (CVE-2023-4693)
  • Resolves: #2236613
  • Resolves: #2241978
  • Resolves: #2241976
  • Resolves: #2238343

freerdp-3.5.0-1.fc40

1 week ago
FEDORA-2024-050266dc33

Packages in this update:
  • freerdp-3.5.0-1.fc40
Update description:

Update to 3.5.0 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)

kubernetes-1.29.4-1.fc40

1 week 1 day ago
FEDORA-2024-ce2eefc399

Packages in this update:
  • kubernetes-1.29.4-1.fc40
Update description:

Update Kubernetes to v1.29.4 for Fedora 40. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin.

Additional bug and regression fixes include a bump of golang.org/x/net to v0.23.0 to address CVE-2023-45288.

USN-6726-2: Linux kernel (IoT) vulnerabilities

1 week 1 day ago
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero-length data requests, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly sized memory locations. A local user could use this to cause a denial of service (system crash). (CVE-2024-0607)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  • Architecture specifics
  • Cryptographic API
  • Android drivers
  • EDAC drivers
  • GPU drivers
  • Media drivers
  • MTD block device drivers
  • Network drivers
  • NVME drivers
  • TTY drivers
  • Userspace I/O drivers
  • F2FS file system
  • GFS2 file system
  • IPv6 Networking
  • AppArmor security module

(CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443, CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597, CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469, CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454, CVE-2023-52436, CVE-2023-52438)

kubernetes-1.27.13-1.fc39

1 week 1 day ago
FEDORA-2024-662a8b6005

Packages in this update:
  • kubernetes-1.27.13-1.fc39
Update description:

Updates Fedora 30 to Kubernetes 1.27.13. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. In addition, a few bug and regression fixes.