Fedora Security Advisories

kernel-6.8.5-301.fc40

2 weeks 1 day ago
FEDORA-2024-6d35739db7 Packages in this update:
  • kernel-6.8.5-301.fc40
Update description:

The 6.8.5 stable kernel update contains a number of important fixes across the tree.

xen-4.17.4-1.fc38

2 weeks 1 day ago
FEDORA-2024-a676697123 Packages in this update:
  • xen-4.17.4-1.fc38
Update description:

  • x86: Native Branch History Injection [XSA-456, CVE-2024-2201]
  • update to xen 4.17.4, remove patches now included upstream
  • rebase xen.gcc12.fixes.patch
  • x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]
  • x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]

google-guest-agent-20240314.00-4.fc41

2 weeks 1 day ago
FEDORA-2024-74c4c65ff6 Packages in this update:
  • google-guest-agent-20240314.00-4.fc41
Update description:

Automatic update for google-guest-agent-20240314.00-4.fc41.

Changelog

* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-4
- Skip events test
* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-3
- Fix typo in License filename
* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-2
- Sync packit config with other GCP pkgs
* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-1
- Update to 20240314.00 rhbz#2274184
* Wed Apr 10 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-8
- Unretirement Releng Request: https://pagure.io/releng/issue/12057
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 20230726.00-7
- Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Sep 6 2023 Major Hayden <major@redhat.com> - 20230726.00-4
- PRs to rawhide only
* Fri Jul 28 2023 Major Hayden <major@redhat.com> - 20230726.00-3
- Fix typo on ppc64le
* Fri Jul 28 2023 Major Hayden <major@redhat.com> - 20230726.00-2
- Disable ppc64/s390x arches
* Fri Jul 28 2023 Packit <hello@packit.dev> - 20230726.00-1
- [packit] 20230726.00 upstream release
* Tue Jul 25 2023 Major Hayden <major@redhat.com> - 20230725.00-2
- Disable koji auto build with packit
* Tue Jul 25 2023 Packit <hello@packit.dev> - 20230725.00-1
- [packit] 20230725.00 upstream release
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20230711.00-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jul 12 2023 Major Hayden <major@redhat.com> - 20230711.00-1
- Update to 20230711.00 rhbz#2222161
* Wed Jul 12 2023 Major Hayden <major@redhat.com> - 20230707.00-2
- Add packit config 🤖
* Tue Jul 11 2023 Major Hayden <major@redhat.com> - 20230707.00-1
- Update to 20230707.00 rhbz#2221432
* Mon Jul 3 2023 Major Hayden <major@redhat.com> - 20230628.00-1
- Update to 20230628.00 rhbz#2218708
* Wed Jun 28 2023 Major Hayden <major@redhat.com> - 20230626.00-1
- Update to 20230626.00 rhbz#2218220
* Mon Jun 12 2023 Major Hayden <major@redhat.com> - 20230601.00-1
- Update to 20230601.00 rhbz#2211674
* Thu May 18 2023 Major Hayden <major@redhat.com> - 20230517.00-1
- Update to 20230517.00 rhbz#2208103
* Mon May 15 2023 Major Hayden <major@redhat.com> - 20230510.00-1
- Update to 20230510.00 rhbz#2198979
* Mon May 1 2023 Major Hayden <major@redhat.com> - 20230426.00-1
- Update to 20230426.00 rhbz#2190065
* Thu Apr 6 2023 Major Hayden <major@redhat.com> - 20230403.00-1
- Update to 20230403.00 rhbz#2183053
* Tue Mar 28 2023 Major Hayden <major@redhat.com> - 20230221.00-2
- Bump revision for rebuild rhbz#2178465
* Tue Feb 28 2023 Major Hayden <major@redhat.com> - 20230221.00-1
- Update to 20230221.00 rhbz#2172749
* Wed Feb 22 2023 Major Hayden <major@redhat.com> - 20230207.00-2
- Set SPDX license
* Mon Feb 13 2023 Major Hayden <major@redhat.com> - 20230207.00-1
- Update to 20230207.00 rhbz#2160637
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20221109.00-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 14 2022 Major Hayden <major@redhat.com> - 20221109.00-1
- Update to 20221109.00 rhbz#2140412
* Wed Oct 26 2022 Major Hayden <major@redhat.com> - 20221025.00-1
- Update to 20221025.00 rhbz#2136314
* Wed Oct 12 2022 Major Hayden <major@redhat.com> - 20220927.00-1
- Update to 20220927.00 rhbz#2130931
* Thu Aug 25 2022 Major Hayden <major@redhat.com> - 20220824.00-1
- Update to 20220824.00 rhbz#2120895
* Thu Aug 18 2022 Major Hayden <major@redhat.com> - 20220816.01-1
- Update to 20220816.01 rhbz#2119456
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20201217.02-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 20201217.02-5
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> - 20201217.02-4
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629

perl-Clipboard-0.29-1.el8

2 weeks 1 day ago
FEDORA-EPEL-2024-f060b59d26 Packages in this update:
  • perl-Clipboard-0.29-1.el8
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.el7

2 weeks 1 day ago
FEDORA-EPEL-2024-a8b1cd8e52 Packages in this update:
  • perl-Clipboard-0.29-1.el7
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.el9

2 weeks 1 day ago
FEDORA-EPEL-2024-6ebc36e81d Packages in this update:
  • perl-Clipboard-0.29-1.el9
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.fc39

2 weeks 1 day ago
FEDORA-2024-43a0920f12 Packages in this update:
  • perl-Clipboard-0.29-1.fc39
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.fc40

2 weeks 1 day ago
FEDORA-2024-2843f37353 Packages in this update:
  • perl-Clipboard-0.29-1.fc40
Update description:

Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'

perl-Clipboard-0.29-1.fc41

2 weeks 1 day ago
FEDORA-2024-966c267928 Packages in this update:
  • perl-Clipboard-0.29-1.fc41
Update description:

Automatic update for perl-Clipboard-0.29-1.fc41.

Changelog

* Wed Apr 10 2024 Xavier Bachelot <xavier@bachelot.org> - 0.29-1
- Update to 0.29 (RHBZ#2273832)
- Fixes RHBZ#2257224 and RHBZ#2257225
- Convert License: to SPDX

wordpress-6.5.2-1.fc39

2 weeks 1 day ago
FEDORA-2024-8ffb095abb Packages in this update:
  • wordpress-6.5.2-1.fc39
Update description:

Upstream announcement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

  • A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”

wordpress-6.5.2-1.fc40

2 weeks 1 day ago
FEDORA-2024-e6d3143991 Packages in this update:
  • wordpress-6.5.2-1.fc40
Update description:

Upstream announcement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

  • A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”

wordpress-6.5.2-1.el9

2 weeks 1 day ago
FEDORA-EPEL-2024-7c7a65fa6c Packages in this update:
  • wordpress-6.5.2-1.el9
Update description:

Upstream announcement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

  • A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”

wordpress-6.4.4-1.fc38

2 weeks 1 day ago
FEDORA-2024-0a2f144348 Packages in this update:
  • wordpress-6.4.4-1.fc38
Update description:

WordPress 6.4.4 Security Release

Security updates included in this release

  • A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

php-8.2.18-1.fc38

2 weeks 1 day ago
FEDORA-2024-39d50cc975 Packages in this update:
  • php-8.2.18-1.fc38
Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

  • Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
  • Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  • Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

  • Add some missing ZPP checks. (nielsdos)
  • Fix potential memory leak in XPath evaluation results. (nielsdos)
  • Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM:

  • Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

  • Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

  • Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

  • Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  • Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

  • Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
  • Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

  • Fix various PDORow bugs. (Girgias)

Random:

  • Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
  • Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

  • Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

  • Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

  • Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
  • Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

  • Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  • Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
  • Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
  • Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  • Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  • Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

  • Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos)

php-8.2.18-1.fc39

2 weeks 1 day ago
FEDORA-2024-b46619f761 Packages in this update:
  • php-8.2.18-1.fc39
Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

  • Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
  • Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  • Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

  • Add some missing ZPP checks. (nielsdos)
  • Fix potential memory leak in XPath evaluation results. (nielsdos)
  • Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM:

  • Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

  • Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

  • Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

  • Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  • Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

  • Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
  • Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

  • Fix various PDORow bugs. (Girgias)

Random:

  • Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
  • Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

  • Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

  • Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

  • Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
  • Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

  • Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  • Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
  • Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
  • Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  • Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  • Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

  • Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos)

php-8.3.6-1.fc40

2 weeks 1 day ago
FEDORA-2024-5e8ae0def0 Packages in this update:
  • php-8.3.6-1.fc40
Update description:

PHP version 8.3.6 (11 Apr 2024)

Core:

  • Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)
  • Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
  • Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
  • Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  • Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

  • Add some missing ZPP checks. (nielsdos)
  • Fix potential memory leak in XPath evaluation results. (nielsdos)

FPM:

  • Fixed GH-11086 (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)
  • Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

  • Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

  • Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

  • Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  • Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

  • Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
  • Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

Random:

  • Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
  • Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

  • Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

SPL:

  • Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

  • Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  • Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
  • Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
  • Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  • Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  • Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
  • Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) (Alex Dowad)
  • Fix bug GH-13932 (Attempt to fix mbstring on windows build) (msvc). (David Carlier)

rust-1.77.2-1.fc41

2 weeks 1 day ago
FEDORA-2024-3534c44ef9 Packages in this update:
  • rust-1.77.2-1.fc41
Update description:

Automatic update for rust-1.77.2-1.fc41.

Changelog

* Tue Apr 9 2024 Josh Stone <jistone@redhat.com> - 1.77.2-1
- Update to 1.77.2; Fixes RHBZ#2274248 CVE-2024-24576