MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).

Read More

Matteo Memelli reported an out-of-bounds read flaw when parsing CDP
addresses in lldpd, an implementation of the IEEE 802.1ab (LLDP)
protocol. A remote attacker can take advantage of this flaw to cause a
denial of service via a specially crafted CDP PDU packet.

Read More

FEDORA-2023-e72bf7b92e

Packages in this update:

rust-axum-0.6.20-1.fc37
rust-tokio-tungstenite-0.20.1-1.fc37
rust-tungstenite-0.20.1-1.fc37
rust-warp-0.3.5-6.fc37

Update description:

Update the axum crate to version 0.6.20.
Update the tokio-tungstenite crate to version 0.20.1.
Update the tungstenite crate to version 0.20.1.
Port warp from tungstenite v0.18 to v0.20.

Version 0.20.1 of the tungstenite crate includes a fix for CVE-2023-43669. No dependent applications need to be rebuilt since none of them use the WebSocket functionality of axum or warp.

Read More

FEDORA-2023-9c4142423a

Packages in this update:

rust-axum-0.6.20-1.fc38
rust-tokio-tungstenite-0.20.1-1.fc38
rust-tungstenite-0.20.1-1.fc38
rust-warp-0.3.5-6.fc38

Update description:

Update the axum crate to version 0.6.20.
Update the tokio-tungstenite crate to version 0.20.1.
Update the tungstenite crate to version 0.20.1.
Port warp from tungstenite v0.18 to v0.20.

Version 0.20.1 of the tungstenite crate includes a fix for CVE-2023-43669. No dependent applications need to be rebuilt since none of them use the WebSocket functionality of axum or warp.

Read More

FEDORA-2023-91a66898d2

Packages in this update:

rust-axum-0.6.20-1.fc39
rust-tokio-tungstenite-0.20.1-1.fc39
rust-tungstenite-0.20.1-1.fc39
rust-warp-0.3.5-6.fc39

Update description:

Update the axum crate to version 0.6.20.
Update the tokio-tungstenite crate to version 0.20.1.
Update the tungstenite crate to version 0.20.1.
Port warp from tungstenite v0.18 to v0.20.

Version 0.20.1 of the tungstenite crate includes a fix for CVE-2023-43669. No dependent applications need to be rebuilt since none of them use the WebSocket functionality of axum or warp.

Read More

FEDORA-2023-f81c1ab1e6

Packages in this update:

rust-axum-0.6.20-1.fc40
rust-tokio-tungstenite-0.20.1-1.fc40
rust-tungstenite-0.20.1-1.fc40
rust-warp-0.3.5-6.fc40

Update description:

Update the axum crate to version 0.6.20.
Update the tokio-tungstenite crate to version 0.20.1.
Update the tungstenite crate to version 0.20.1.
Port warp from tungstenite v0.18 to v0.20.

Version 0.20.1 of the tungstenite crate includes a fix for CVE-2023-43669. No dependent applications need to be rebuilt since none of them use the WebSocket functionality of axum or warp.

Read More

FEDORA-2023-19b796e348

Packages in this update:

libcaca-0.99-0.69.beta20.fc40

Update description:

Automatic update for libcaca-0.99-0.69.beta20.fc40.

Changelog

* Sun Sep 24 2023 Xavier Bachelot <xavier@bachelot.org> – 0.99-0.69.beta20
– Fix CVE-2022-0856 (RHBZ#2081750)
– Add missing Requires: for caca-utils (RHBZ#1701685)

Read More

FEDORA-2023-c4b597d917

Packages in this update:

golang-github-onsi-ginkgo-2-2.12.1-1.fc40

Update description:

Automatic update for golang-github-onsi-ginkgo-2-2.12.1-1.fc40.

Changelog

* Sun Sep 24 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 2.12.1-1
– Update to 2.12.1 – Closes rhbz#2234429 rhbz#2229595

Read More

FEDORA-2023-5763445abe

Packages in this update:

emacs-28.3-0.rc1.fc38

Update description:

Upgrade to version 28.3-rc1, fixing CVE-2022-48337, CVE-2022-48338, CVE-2022-48339.

Read More