FEDORA-2023-d6dbdf62ad
Packages in this update:
pmix-4.1.3-1.fc38
Update description:
Security fix for CVE-2023-41915
pmix-4.1.3-1.fc38
Security fix for CVE-2023-41915
pmix-4.1.3-1.fc37
Security fix for CVE-2023-41915
pmix-4.1.3-1.fc39
Security fix for CVE-2023-41915
It was discovered that a memory leak existed in certain GNU binutils
modules. An attacker could possibly use this issue to cause a denial of
service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490)
It was discovered that GNU binutils was not properly performing bounds
checks in several functions, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service,
expose sensitive information or execute arbitrary code.
(CVE-2020-19726, CVE-2021-46174, CVE-2022-45703)
It was discovered that GNU binutils was not properly initializing heap
memory when processing certain print instructions. An attacker could
possibly use this issue to expose sensitive information. (CVE-2020-35342)
It was discovered that GNU binutils was not properly handling the logic
behind certain memory management related operations, which could lead to a
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2022-44840)
It was discovered that GNU binutils was not properly handling the logic
behind certain memory management related operations, which could lead to
an invalid memory access. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-47695)
chromium-117.0.5938.88-1.el7
update to 117.0.5938.88
update to 117.0.5938.62. Fixes following security issues:
CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904
CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909
update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863
update to 116.0.5845.179. Fixes following security issues:
CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764
chromium-117.0.5938.88-1.fc39
update to 117.0.5938.88
update to 117.0.5938.62. Fixes following security issues:
CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904
CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909
update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863
chromium-117.0.5938.88-1.fc37
update to 117.0.5938.88
update to 117.0.5938.62. Fixes following security issues:
CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904
CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909
update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863
update to 116.0.5845.179. Fixes following security issues:
CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764
chromium-117.0.5938.88-1.el9
update to 117.0.5938.88
update to 117.0.5938.62. Fixes following security issues:
CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904
CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909
update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863
update to 116.0.5845.179. Fixes following security issues:
CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764
chromium-117.0.5938.88-1.el8
update to 117.0.5938.88
update to 117.0.5938.62. Fixes following security issues:
CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904
CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909
update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863
update to 116.0.5845.179. Fixes following security issues:
CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in certain situations. An
attacker could use this to construct a malicious NTFS image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-48425)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to construct a malicious f2fs image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-2898)
It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)
Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)
It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an out-of-
bounds read vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-38426, CVE-2023-38428)
It was discovered that the KSMBD implementation in the Linux kernel did not
properly calculate the size of certain buffers. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-38429)