FEDORA-2024-b0fc600c3c
Packages in this update:
yarnpkg-1.22.22-4.fc41
Update description:
Update bundled elliptic to fix CVE-2024-48949.
yarnpkg-1.22.22-4.fc41
Update bundled elliptic to fix CVE-2024-48949.
yarnpkg-1.22.22-4.fc40
Update bundled elliptic to fix CVE-2024-48949.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI drivers;
– F2FS file system;
– BPF subsystem;
– IPv4 networking;
(CVE-2024-42228, CVE-2024-42154, CVE-2024-42160, CVE-2024-42159,
CVE-2024-41009, CVE-2024-42224)
A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-10-11, 0 days ago. The vendor is given until 2025-02-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2024-45315.
This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-45316.
firefox-flatpak-131.0.2-2
Update to 131.0.2
kernel-6.11.3-300.fc41
kernel-headers-6.11.3-300.fc41
The 6.11.3 stable kernel update contains a number of important bugfixes across the tree.
rust-hyper-rustls-0.27.3-1.fc39
rust-reqwest-0.12.8-1.fc39
rust-rustls-native-certs0.7-0.7.3-1.fc39
rust-rustls-native-certs-0.8.0-1.fc39
rust-tonic-0.12.3-1.fc39
rust-tonic-build-0.12.3-1.fc39
rust-tonic-types-0.12.3-1.fc39
rust-tower0.4-0.4.13-1.fc39
rust-tower-0.5.1-1.fc39
rust-tower-http0.5-0.5.2-1.fc39
rust-tower-http-0.6.1-1.fc39
Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version 0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.
rust-hyper-rustls-0.27.3-1.fc40
rust-reqwest-0.12.8-1.fc40
rust-rustls-native-certs0.7-0.7.3-1.fc40
rust-rustls-native-certs-0.8.0-1.fc40
rust-tonic-0.12.3-1.fc40
rust-tonic-build-0.12.3-1.fc40
rust-tonic-types-0.12.3-1.fc40
rust-tower0.4-0.4.13-1.fc40
rust-tower-0.5.1-1.fc40
rust-tower-http0.5-0.5.2-1.fc40
rust-tower-http-0.6.1-1.fc40
Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version 0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.