FEDORA-2023-083a5e41cd

Packages in this update:

firefox-120.0.1-1.fc37

Update description:

Updated to latest upstream (120.0.1)

Fixed freezes on Google Maps

Updated to latest upstream (120.0)

Read More

USN-6509-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-6206,
CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213)

It was discovered that Firefox did not properly manage memory when
images were created on the canvas element. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6204)

It discovered that Firefox incorrectly handled certain memory when using a
MessagePort. An attacker could potentially exploit this issue to cause a
denial of service. (CVE-2023-6205)

It discovered that Firefox incorrectly did not properly manage ownership
in ReadableByteStreams. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6207)

It discovered that Firefox incorrectly did not properly manage copy
operations when using Selection API in X11. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6208)

Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative
URLS starting with “///”. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6209)

Read More

Rene Rehme discovered that roundcube, a skinnable AJAX based webmail
solution for IMAP servers, did not properly set headers when handling
attachments. This would allow an attacker to load arbitrary JavaScript
code.

https://security-tracker.debian.org/tracker/DSA-5572-1

Read More

FEDORA-2023-14a33318b8

Packages in this update:

golang-github-prometheus-prom2json-1.3.3-1.fc40

Update description:

Automatic update for golang-github-prometheus-prom2json-1.3.3-1.fc40.

Changelog

* Sun Dec 3 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.3.3-1
– Update to 1.3.3 – Closes rhbz#2076982 rhbz#2248331 rhbz#2163210
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> – 1.3.0-13
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

Read More

FEDORA-2023-654e0ddfd8

Packages in this update:

golang-github-prometheus-node-exporter-1.6.1-1.fc40

Update description:

Automatic update for golang-github-prometheus-node-exporter-1.6.1-1.fc40.

Changelog

* Thu Nov 9 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.6.1-1
– Update to 1.6.1 – Closes rhbz#2210487 rhbz#2178447 rhbz#2163209

Read More

FEDORA-2023-d5bd6b62e4

Packages in this update:

python-aiohttp-3.9.1-1.fc40
python-pysqueezebox-0.5.5-11.fc40
python-wled-0.4.4-11.fc40

Update description:

Security fix for CVE-2023-49081, CVE-2023-49082.

Update python-aiohttp to 3.9.1.

Patch python-pysqeezebox and python-wled so they do not have an implicit dependency on python-async-timeout via python-aiohttp.

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.1

Read More

FEDORA-2023-d4a0f2caf1

Packages in this update:

java-1.8.0-openjdk-1.8.0.392.b08-4.fc37

Update description:

updated to jdk8u392+b08

Read More

FEDORA-2023-7f704380a0

Packages in this update:

java-1.8.0-openjdk-1.8.0.392.b08-4.fc38

Update description:

updated to jdk8u392+b08

Read More

FEDORA-2023-6a3c2aeeee

Packages in this update:

java-1.8.0-openjdk-1.8.0.392.b08-4.fc39

Update description:

updated to jdk8u392+b08

Read More