Aggregator

FEDORA-2024-11821b16ac Packages in this update:

• gdcm-3.0.23-5.fc39

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-EPEL-2024-f5884f808a Packages in this update:

• gdcm-3.0.12-7.el9

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-2024-7a57842ec3 Packages in this update:

• gdcm-3.0.21-4.fc38

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-2024-fae33e6e9f Packages in this update:

• gdcm-3.0.23-5.fc40

Update description: Security fixes

• TALOS-2024-1924, CVE-2024-22391: heap overflow
• TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
• TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

• Replace deprecated PyEval_CallObject for compatibility with Python 3.13

FEDORA-2024-c5909efa5c Packages in this update:

• gdcm-3.0.23-5.fc41

Update description:

Automatic update for gdcm-3.0.23-5.fc41.

Changelog * Fri Apr 26 2024 Sandro <devel@penguinpee.nl> - 3.0.23-5 - Apply security patches - Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288) - Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292) - Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296) * Fri Apr 19 2024 Sandro <devel@penguinpee.nl> - 3.0.23-4 - Replace deprecated PyEval_CallObject() (RHBZ#2245816) * Fri Mar 22 2024 Sérgio M. Basto <sergio@serjux.com> - 3.0.23-3 - Update URL

Version:next-20240426 (linux-next) Released:2024-04-26

FEDORA-2024-29120efcc4 Packages in this update:

• et-6.2.1-15.fc38

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-a09bfceb28 Packages in this update:

• et-6.2.1-15.fc39

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-cd94b2df32 Packages in this update:

• et-6.2.1-15.fc40

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

FEDORA-2024-34474f346b Packages in this update:

• clamav-1.0.6-1.fc40

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

FEDORA-2024-1a79c2ef63 Packages in this update:

• clamav-1.0.6-1.fc39

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

FEDORA-EPEL-2024-25c9732d41 Packages in this update:

• clamav-1.0.6-1.el9

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

FEDORA-2024-92b8ac25a5 Packages in this update:

• clamav-1.0.6-1.fc38

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

• Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

  • Fixed assorted complaints identified by Coverity static analysis.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Added the new 'valhalla' database name to the list of optional databases in preparation for future work.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

  • Silenced a warning "Unexpected early end-of-file" that occured when scanning some PNG files.

  • GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487) It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)

Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information.

It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting (XSS) attacks. (CVE-2022-35229, CVE-2022-35230)

It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service.

FEDORA-2024-48bdd3abbf Packages in this update:

• ruby-3.2.4-182.fc38

Update description:

Upgrade to Ruby 3.2.4.

FEDORA-2024-31cac8b8ec Packages in this update:

• ruby-3.2.4-182.fc39

Update description:

Upgrade to Ruby 3.2.4.

FEDORA-EPEL-2024-0c24da3136 Packages in this update:

• chromium-124.0.6367.78-1.el9

Update description:

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

• High CVE-2024-3832: Object corruption in V8
• High CVE-2024-3833: Object corruption in WebAssembly
• High CVE-2024-3914: Use after free in V8
• High CVE-2024-3834: Use after free in Downloads
• Medium CVE-2024-3837: Use after free in QUIC
• Medium CVE-2024-3838: Inappropriate implementation in Autofill
• Medium CVE-2024-3839: Out of bounds read in Fonts
• Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
• Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
• Medium CVE-2024-3843: Insufficient data validation in Downloads
• Low CVE-2024-3844: Inappropriate implementation in Extensions
• Low CVE-2024-3845: Inappropriate implementation in Network
• Low CVE-2024-3846: Inappropriate implementation in Prompts
• Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

• High CVE-2024-3157: Out of bounds write in Compositing
• High CVE-2024-3516: Heap buffer overflow in ANGLE
• High CVE-2024-3515: Use after free in Dawn