FEDORA-2024-c6a1d4e0ec

Packages in this update:

firefox-125.0-1.fc40

Update description:

New upstream release (125.0)

Read More

The update of cockpit released in DSA 5655-1 did not correctly built
binary packages due to unit test failures when building against libssh
0.10.6. This update corrects that problem.

https://security-tracker.debian.org/tracker/DSA-5655-2

Read More

Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in HTTP response splitting or denial of service.

https://security-tracker.debian.org/tracker/DSA-5662-1

Read More

Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)

It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)

It was discovered that libvirt incorrectly handled detaching certain host
interfaces. An attacker could possibly use this issue to cause libvirt to
crash, resulting in a denial of service. (CVE-2024-2496)

Read More

It was discovered that GnuTLS had a timing side-channel when performing
certain ECDSA operations. A remote attacker could possibly use this issue
to recover sensitive information. (CVE-2024-28834)

It was discovered that GnuTLS incorrectly handled verifying certain PEM
bundles. A remote attacker could possibly use this issue to cause GnuTLS to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.10. (CVE-2024-28835)

Read More

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More