Aggregator

FEDORA-2023-083a5e41cd Packages in this update:

• firefox-120.0.1-1.fc37

Update description:

• Updated to latest upstream (120.0.1)

• Fixed freezes on Google Maps

• Updated to latest upstream (120.0)

Version:next-20231204 (linux-next) Released:2023-12-04

USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-6205) It discovered that Firefox incorrectly did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-6207) It discovered that Firefox incorrectly did not properly manage copy operations when using Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6208) Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative URLS starting with "///". An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-6209)

FEDORA-2023-14a33318b8 Packages in this update:

• golang-github-prometheus-prom2json-1.3.3-1.fc40

Update description:

Automatic update for golang-github-prometheus-prom2json-1.3.3-1.fc40.

Changelog * Sun Dec 3 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.3.3-1 - Update to 1.3.3 - Closes rhbz#2076982 rhbz#2248331 rhbz#2163210 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

FEDORA-2023-654e0ddfd8 Packages in this update:

• golang-github-prometheus-node-exporter-1.6.1-1.fc40

Update description:

Automatic update for golang-github-prometheus-node-exporter-1.6.1-1.fc40.

Changelog * Thu Nov 9 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.6.1-1 - Update to 1.6.1 - Closes rhbz#2210487 rhbz#2178447 rhbz#2163209

FEDORA-2023-d5bd6b62e4 Packages in this update:

• python-aiohttp-3.9.1-1.fc40
• python-pysqueezebox-0.5.5-11.fc40
• python-wled-0.4.4-11.fc40

Update description:

Security fix for CVE-2023-49081, CVE-2023-49082.

Update python-aiohttp to 3.9.1.

Patch python-pysqeezebox and python-wled so they do not have an implicit dependency on python-async-timeout via python-aiohttp.

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.1

FEDORA-2023-d4a0f2caf1 Packages in this update:

• java-1.8.0-openjdk-1.8.0.392.b08-4.fc37

Update description:

updated to jdk8u392+b08

FEDORA-2023-7f704380a0 Packages in this update:

• java-1.8.0-openjdk-1.8.0.392.b08-4.fc38

Update description:

updated to jdk8u392+b08

FEDORA-2023-6a3c2aeeee Packages in this update:

• java-1.8.0-openjdk-1.8.0.392.b08-4.fc39

Update description:

updated to jdk8u392+b08

Version:6.7-rc4 (mainline) Released:2023-12-03 Source:linux-6.7-rc4.tar.gz Patch:full (incremental)

Version:6.6.4 (stable) Released:2023-12-03 Source:linux-6.6.4.tar.xz PGP Signature:linux-6.6.4.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.4

Version:6.1.65 (longterm) Released:2023-12-03 Source:linux-6.1.65.tar.xz PGP Signature:linux-6.1.65.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.65

Version:5.15.141 (longterm) Released:2023-12-03 Source:linux-5.15.141.tar.xz PGP Signature:linux-5.15.141.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.141

FEDORA-EPEL-2023-3d9a822df5 Packages in this update:

• rust-pore-0.1.8-5.el9

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html

FEDORA-2023-6215ea423b Packages in this update:

• clevis-pin-tpm2-0.5.3-2.fc38
• keyring-ima-signer-0.1.0-11.fc38
• libkrun-1.5.0-7.fc38
• rust-bodhi-cli-2.1.1-2.fc38
• rust-coreos-installer-0.18.0-2.fc38
• rust-fedora-update-feedback-2.1.3-2.fc38
• rust-gst-plugin-reqwest-0.11.1-2.fc38
• rust-pore-0.1.8-5.fc38
• rust-rpm-sequoia-1.5.0-2.fc38
• rust-sequoia-octopus-librnp-1.5.0-4.fc38
• rust-sequoia-policy-config-0.6.0-6.fc38
• rust-sequoia-sq-0.26.0-10.fc38
• rust-sequoia-wot-0.5.0-4.fc38
• rust-sevctl-0.3.2-5.fc38
• rust-tealdeer-1.6.1-5.fc38

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html

FEDORA-2023-9790b327cb Packages in this update:

• clevis-pin-tpm2-0.5.3-2.fc39
• keyring-ima-signer-0.1.0-11.fc39
• rust-bodhi-cli-2.1.1-2.fc39
• rust-coreos-installer-0.18.0-2.fc39
• rust-fedora-update-feedback-2.1.3-2.fc39
• rust-gst-plugin-reqwest-0.11.1-2.fc39
• rust-pore-0.1.8-5.fc39
• rust-rpm-sequoia-1.5.0-2.fc39
• rust-sequoia-octopus-librnp-1.5.0-4.fc39
• rust-sequoia-policy-config-0.6.0-6.fc39
• rust-sequoia-sq-0.26.0-10.fc39
• rust-sequoia-wot-0.5.0-4.fc39
• rust-sevctl-0.4.3-2.fc39
• rust-snphost-0.1.2-2.fc39
• rust-tealdeer-1.6.1-5.fc39

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html

FEDORA-2023-af8489dc5b Packages in this update:

• clevis-pin-tpm2-0.5.3-2.fc40
• keyring-ima-signer-0.1.0-11.fc40
• python-cryptography-41.0.5-2.fc40
• rust-bodhi-cli-2.1.1-2.fc40
• rust-coreos-installer-0.18.0-2.fc40
• rust-fedora-update-feedback-2.1.3-2.fc40
• rust-gst-plugin-reqwest-0.11.1-2.fc40
• rust-pore-0.1.8-5.fc40
• rust-rpm-sequoia-1.5.0-2.fc40
• rust-sequoia-octopus-librnp-1.5.0-4.fc40
• rust-sequoia-policy-config-0.6.0-6.fc40
• rust-sequoia-sq-0.26.0-10.fc40
• rust-sequoia-wot-0.5.0-4.fc40
• rust-sevctl-0.4.3-2.fc40
• rust-snphost-0.1.2-2.fc40
• rust-tealdeer-1.6.1-5.fc40

Update description:

Affected applications were rebuilt against version 0.10.60 of the the openssl crate (the Rust bindings for OpenSSL) to address two security advisories:

• https://rustsec.org/advisories/RUSTSEC-2023-0044.html
• https://rustsec.org/advisories/RUSTSEC-2023-0072.html