FEDORA-2024-93e88b1c0d

Packages in this update:

subversion-1.14.5-1.fc41

Update description:

This release contains a fix for a security issue: CVE-2024-46901

See https://subversion.apache.org/security/CVE-2024-46901-advisory.txt for more information.

Changes in this release are:

Fix printf-format build warnings in swig-rb (r1921264)
Add a regression test for CVE-2024-45720 (r1921266)
Make swig-py compatible with SWIG 4.3.0 (r1921505)

Read More

It was discovered that PHP incorrectly handled long string inputs
in two database drivers. An attacker could possibly use this
issue to write files in locations they would not normally have
access to. (CVE-2024-11236)

Read More

FEDORA-EPEL-2024-d21693152c

Packages in this update:

retsnoop-0.10.1-1.el8

Update description:

Update retsnoop to the latest version and build against the fixed ruzstd

Read More

FEDORA-2024-846e191001

Packages in this update:

glibc-2.40-14.fc41

Update description:

This update addresses a security vulnerability in the getrandom and arc4random implementation (CVE-2024-12455) on POWER systems (pcpc64le). Other architectures are not affected.

Read More

FEDORA-EPEL-2024-306ebea6f6

Packages in this update:

chromium-131.0.6778.139-1.el9

Update description:

Update to 131.0.6778.139

High CVE-2024-12381: Type Confusion in V8
High CVE-2024-12382: Use after free in Translate

Read More

FEDORA-EPEL-2024-ed082ef765

Packages in this update:

chromium-131.0.6778.139-1.el10_0

Update description:

Update to 131.0.6778.139

High CVE-2024-12381: Type Confusion in V8
High CVE-2024-12382: Use after free in Translate

Read More

FEDORA-2024-ccaff13d21

Packages in this update:

chromium-131.0.6778.139-1.fc41

Update description:

Update to 131.0.6778.139

High CVE-2024-12381: Type Confusion in V8
High CVE-2024-12382: Use after free in Translate

Read More

FEDORA-EPEL-2024-60f7d4fb00

Packages in this update:

chromium-131.0.6778.139-1.el8

Update description:

Update to 131.0.6778.139

High CVE-2024-12381: Type Confusion in V8
High CVE-2024-12382: Use after free in Translate

Read More

FEDORA-2024-162a4dfe4f

Packages in this update:

chromium-131.0.6778.139-1.fc40

Update description:

Update to 131.0.6778.139

High CVE-2024-12381: Type Confusion in V8
High CVE-2024-12382: Use after free in Translate

Read More

USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the
corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the extension info message. An attacker able to
intercept communications could possibly use this issue to downgrade
the algorithm used for client authentication. (CVE-2023-46445)

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH
did not properly handle the user authentication request message. An
attacker could possibly use this issue to control the remote end of an SSH
client session via packet injection/removal and shell emulation.
(CVE-2023-46446)

Read More