FEDORA-2024-698737a3c5
Packages in this update:
espeak-ng-1.51.1-6.fc38
Update description:
Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994.
espeak-ng-1.51.1-6.fc38
Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994.
espeak-ng-1.51.1-6.fc39
Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994.
exim-4.97.1-1.el8
Security fix for CVE-2023-51766.
exim-4.97.1-1.el7
Security fix for CVE-2023-51766.
exim-4.97.1-1.el9
Security fix for CVE-2023-51766.
It was discovered that SQLite incorrectly handled certain protection
mechanisms when using a CLI script with the –safe option, contrary to
expectations. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-46908)
It was discovered that SQLite incorrectly handled certain memory operations
in the sessions extension. A remote attacker could possibly use this issue
to cause SQLite to crash, resulting in a denial of service. (CVE-2023-7104)
It was discovered that OpenSSH incorrectly handled supplemental groups when
running helper programs for AuthorizedKeysCommand and
AuthorizedPrincipalsCommand as a different user. An attacker could possibly
use this issue to escalate privileges. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-41617)
It was discovered that OpenSSH incorrectly added destination constraints
when PKCS#11 token keys were added to ssh-agent, contrary to expectations.
This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-51384)
It was discovered that OpenSSH incorrectly handled user names or host names
with shell metacharacters. An attacker could possibly use this issue to
perform OS command injection. (CVE-2023-51385)
exim-4.97.1-1.fc38
Security fix for CVE-2023-51766.
exim-4.97.1-1.fc39
=Security fix for CVE-2023-51766.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.