FEDORA-2023-b082504356

Packages in this update:

python-starlette-0.20.4-3.fc37

Update description:

Backport patch for GHSA-v5gw-mw7f-84px “Path traversal vulnerability in StaticFiles”.

Read More

It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)

Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did
not properly implement speculative execution barriers in usercopy functions
in certain situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2023-0459)

It was discovered that the TLS subsystem in the Linux kernel contained a
type confusion vulnerability in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-1075)

It was discovered that the Reliable Datagram Sockets (RDS) protocol
implementation in the Linux kernel contained a type confusion vulnerability
in some situations. An attacker could use this to cause a denial of service
(system crash). (CVE-2023-1078)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel
did not properly initialize some data structures. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that the Android Binder IPC subsystem in the Linux kernel
did not properly validate inputs in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-20938)

It was discovered that a use-after-free vulnerability existed in the iSCSI
TCP implementation in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash). (CVE-2023-2162)

It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)

Duoming Zhou discovered that a race condition existed in the infrared
receiver/transceiver driver in the Linux kernel, leading to a use-after-
free vulnerability. A privileged attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-1118)

Read More

FEDORA-2023-2f35633034

Packages in this update:

kernel-6.3.3-100.fc37
kernel-headers-6.3.3-100.fc37
kernel-tools-6.3.3-100.fc37

Update description:

The 6.3.3 stable kernel rebase contains a several new features, additional hardware support, and a number of important fixes across the tree.

Read More

FEDORA-2023-514965dd8a

Packages in this update:

kernel-6.3.3-200.fc38
kernel-headers-6.3.3-200.fc38
kernel-tools-6.3.3-200.fc38

Update description:

The 6.3.3 stable kernel rebase contains a several new features, additional hardware support, and a number of important fixes across the tree.

Read More

FEDORA-2023-9329cee69d

Packages in this update:

python-fastapi-0.95.2-1.fc38
python-starlette-0.27.0-1.fc38

Update description:

Update python-starlette to 0.27.0 and python-fastapi to 0.95.2. Fixes GHSA-v5gw-mw7f-84px “Path traversal vulnerability in StaticFiles”.

Read More

FEDORA-2023-a96ec52457

Packages in this update:

python-fastapi-0.95.2-1.fc39
python-starlette-0.27.0-1.fc39

Update description:

Update python-starlette to 0.27.0 and python-fastapi to 0.95.2. Fixes GHSA-v5gw-mw7f-84px “Path traversal vulnerability in StaticFiles”.

Read More

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did
not properly implement speculative execution barriers in usercopy functions
in certain situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2023-0459)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel
did not properly initialize some data structures. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that a use-after-free vulnerability existed in the iSCSI
TCP implementation in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash). (CVE-2023-2162)

It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)

Duoming Zhou discovered that a race condition existed in the infrared
receiver/transceiver driver in the Linux kernel, leading to a use-after-
free vulnerability. A privileged attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-1118)

Read More

FEDORA-2023-31cf6a7a1e

Packages in this update:

cups-filters-1.28.16-3.fc37

Update description:

2207970 – CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

Read More

It was discovered that cups-filters incorrectly handled the beh CUPS
backend. A remote attacker could possibly use this issue to cause the
backend to stop responding or to execute arbitrary code.

Read More

FEDORA-2023-4b892d116d

Packages in this update:

cutter-re-2.2.1-1.fc37
rizin-0.5.2-1.fc37

Update description:

rebase to rizin 0.5.2 and cutter 2.2.1

rebase rizin to v0.5.1 and cutter-re to 0.2.0

Read More