FEDORA-2023-eaf1bdd5ae
Packages in this update:
git-2.40.1-1.fc38
Update description:
update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)
Refer to the release notes for 2.30.9 for details of each CVE as well as
the following security advisories from the git project:
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007)
(At this time there is no upstream advisory for CVE-2023-25815. This
issue does not affect the Fedora packages as we do not use the runtime
prefix support.)
Release notes:
https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt
https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt
More Stories
USN-6772-1: strongSwan vulnerability
Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue...
USN-6767-2: Linux kernel (BlueField) vulnerabilities
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could...
pgadmin4-8.6-1.fc40 python-libgravatar-1.0.4-1.fc40
FEDORA-2024-4d4ceb61f7 Packages in this update: pgadmin4-8.6-1.fc40 python-libgravatar-1.0.4-1.fc40 Update description: Update to pgadmin4-8.6 Read More
ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to...
ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to...
ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to...