Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
USN-7069-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– x86 architecture;
– Cryptographic API;
– CPU frequency scaling framework;
– HW tracing;
– ISDN/mISDN subsystem;
– Media drivers;
– Network drivers;
– NVME drivers;
– S/390 drivers;
– SCSI drivers;
– USB subsystem;
– VFIO drivers;
– Watchdog drivers;
– JFS file system;
– IRQ subsystem;
– Core kernel;
– Memory management;
– Amateur Radio drivers;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– Network traffic control;
– TIPC protocol;
– XFRM subsystem;
– Integrity Measurement Architecture (IMA) framework;
– SoC Audio for Freescale CPUs drivers;
– USB sound devices;
(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,
CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,
CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,
CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,
CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,
CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,
CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,
CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,
CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)
mbedtls3.6-3.6.2-1.fc41
FEDORA-2024-8f1374ecfb
Packages in this update:
mbedtls3.6-3.6.2-1.fc41
Update description:
Update to 3.6.2
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2
python-fastapi-0.111.1-7.fc40 python-openapi-core-0.19.4-3.fc40 python-platformio-6.1.14-7.fc40 python-starlette-0.40.0-1.fc40
FEDORA-2024-f1615b58e6
Packages in this update:
python-fastapi-0.111.1-7.fc40
python-openapi-core-0.19.4-3.fc40
python-platformio-6.1.14-7.fc40
python-starlette-0.40.0-1.fc40
Update description:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.
python-fastapi-0.115.2-1.fc41 python-openapi-core-0.19.4-4.fc41 python-platformio-6.1.14-7.fc41 python-starlette-0.40.0-1.fc41
FEDORA-2024-05dedb1a53
Packages in this update:
python-fastapi-0.115.2-1.fc41
python-openapi-core-0.19.4-4.fc41
python-platformio-6.1.14-7.fc41
python-starlette-0.40.0-1.fc41
Update description:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.
FastAPI 0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1
python-openapi-core-0.19.4-4.fc42 python-platformio-6.1.16-2.fc42 python-starlette-0.40.0-1.fc42
FEDORA-2024-466c574575
Packages in this update:
python-openapi-core-0.19.4-4.fc42
python-platformio-6.1.16-2.fc42
python-starlette-0.40.0-1.fc42
Update description:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.
yarnpkg-1.22.22-5.el9
FEDORA-EPEL-2024-78df19aaf3
Packages in this update:
yarnpkg-1.22.22-5.el9
Update description:
Sync with fedora package.
New ConfusedPilot Attack Targets AI Systems with Data Poisoning
Researchers have discovered a new cyber-attack method called ConfusedPilot that can manipulate AI-generated responses by injecting malicious content into documents referenced by AI systems.
Darknet Activity Increases Ahead of 2024 Presidential Vote
Cyber threats surge ahead of the 2024 election, including phishing, ransomware and Darknet activity.
UK: NCSC Offers Education Organizations Free Cyber Services
The service, developed in collaboration with Cloudflare and Accenture, is available for UK schools and most education service providers.