curl-8.6.0-8.fc40

Read Time:10 Second

FEDORA-2024-a09456b7a9

Packages in this update:

curl-8.6.0-8.fc40

Update description:

fix Usage of disabled protocol (CVE-2024-2004)
fix HTTP/2 push headers memory-leak (CVE-2024-2398)

Read More

chromium-123.0.6312.105-1.fc40

Read Time:15 Second

FEDORA-2024-f92626814d

Packages in this update:

chromium-123.0.6312.105-1.fc40

Update description:

update to 123.0.6312.105

High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8

Read More

USN-6710-2: Firefox regressions

Read Time:30 Second

USN-6710-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

Original advisory details:

Manfred Paul discovered that Firefox did not properly perform bounds
checking during range analysis, leading to an out-of-bounds write
vulnerability. A attacker could use this to cause a denial of service,
or execute arbitrary code. (CVE-2024-29943)

Manfred Paul discovered that Firefox incorrectly handled MessageManager
listeners under certain circumstances. An attacker who was able to inject
an event handler into a privileged object may have been able to execute
arbitrary code. (CVE-2024-29944)

Read More