FEDORA-2023-ad76deb86e

Packages in this update:

llhttp-8.1.1-1.fc39
python-aiohttp-3.8.5-1.fc39

Update description:

Update llhttp to 8.1.1 and python-aiohttp to 3.8.5. Fixes CVE-2023-30589.

Read More

FEDORA-EPEL-2023-1a8a33f65f

Packages in this update:

kitty-0.26.5-9.el8

Update description:

fix CVE

Read More

A security issue was discovered in Thunderbird, which could result in
spoofing of filenames of email attachments.

Read More

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

Read More

Tavis Ormandy discovered that under specific microarchitectural
circumstances, a vector register in AMD Zen 2 CPUs may not be
written to 0 correctly. This flaw allows an attacker to leak
sensitive information across concurrent processes, hyper threads
and virtualized guests.

Read More

A vulnerability has been discovered in Ivanti Endpoint Manager (EPMM), formerly known as MobileIron Core; which could allow for arbitrary code execution. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content. If successfully exploited, an attacker could perform arbitrary file writes to the EPMM server.

Read More

Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Read More

Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Read More

Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Read More