FEDORA-2024-a09456b7a9
Packages in this update:
curl-8.6.0-8.fc40
Update description:
fix Usage of disabled protocol (CVE-2024-2004)
fix HTTP/2 push headers memory-leak (CVE-2024-2398)
nghttp2-1.55.1-5.fc39
fix CONTINUATION frames DoS (CVE-2024-28182)
nghttp2-1.59.0-3.fc40
fix CONTINUATION frames DoS (CVE-2024-28182)
New research has found that ransomware remediation costs can explode when backups have been compromised by malicious hackers – with overall recovery costs eight times higher than for those whose backups are not impacted.
Read more in my article on the Exponential-e blog.
Threat actor IntelBroker claims to have classified intelligence stolen from US government tech supplier Acuity
chromium-123.0.6312.105-1.fc40
update to 123.0.6312.105
High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8
Privacy regulator the ICO urges social media and video sharing firms to do more to protect children’s data
xorg-x11-server-Xwayland-22.1.9-6.fc38
CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083
kernel-6.8.3-200.fc39
kernel-headers-6.8.3-200.fc39
The 6.8.3 stable kernel rebase contains improved hardware support, new features, and a number of important fixes across the tree.
USN-6710-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Manfred Paul discovered that Firefox did not properly perform bounds
checking during range analysis, leading to an out-of-bounds write
vulnerability. An attacker could use this to cause a denial of service,
or execute arbitrary code. (CVE-2024-29943)
Manfred Paul discovered that Firefox incorrectly handled MessageManager
listeners under certain circumstances. An attacker who was able to inject
an event handler into a privileged object may have been able to execute
arbitrary code. (CVE-2024-29944)