FEDORA-2024-2705241461
Packages in this update:
golang-x-crypto-0.18.0-1.fc38
Update description:
Update golang-x-crypto to v0.18.0, fix for CVE-2023-48795
golang-x-crypto-0.18.0-1.fc39
Update golang-x-crypto to v0.18.0, fix for CVE-2023-48795
zbar-0.23.93-1.fc38
0.23.93, fixes for two CVEs
zbar-0.23.93-1.fc39
0.23.93, fixes for two CVEs
The figure comes from XM Cyber’s 2024 State of Security Posture Report, exploring how organizations approach cybersecurity challenges
golang-x-crypto-0.18.0-1.fc40
Automatic update for golang-x-crypto-0.18.0-1.fc40.
* Tue Jan 9 2024 Mark E. Fuller <mark.e.fuller@gmx.de> - 0.18.0-1
- update to v0.18.0, close rhbz#2255095 - CVE-2023-48795 golang-x-crypto:
ssh: Prefix truncation attack on Binary Packet Protocol
Youssef Rebahi-Gilbert discovered that Monit did not properly process
credentials for disabled accounts. An attacker could possibly use this
issue to log in to the platform with an expired account and a valid
password.
redis-7.2.4-1.fc39
Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST
Upgrade urgency SECURITY: See security fixes below.
Security fixes
(CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
buffers which can result in incorrect accounting of buffer sizes and lead to
heap overflow and potential remote code execution.
Bug fixes
Fix crashes of cluster commands in clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
2023 saw an increased number of deals in the cybersecurity industry, but the overall investment in the sector dropped, Pinpoint revealed
redis-7.0.15-1.fc38
Redis 7.0.15 Released Tue 09 Jan 2024 10:45:52 IST
Upgrade urgency SECURITY: See security fixes below.
Security fixes
(CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
buffers which can result in incorrect accounting of buffer sizes and lead to
heap overflow and potential remote code execution.