Two security vulnerabilities were discovered in Smarty, a template
engine for PHP, which could result in PHP code injection or cross-site
scripting.
Category Archives: Advisories
DSA-5827-1 proftpd-dfsg – security update
Brian Ristuccia discovered that in ProFTPD, a powerful modular
FTP/SFTP/FTPS server, supplemental group inheritance grants unintended
access to GID 0 because of the lack of supplemental groups from mod_sql.
USN-7141-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages
leading to a stack overflow. A remote attacker could potentially use
this issue to cause a denial of service.
(CVE-2023-2794, CVE-2023-4233, CVE-2023-4234)
python3.14-3.14.0~a2-2.fc41
FEDORA-2024-54aa5fc4b2
Packages in this update:
python3.14-3.14.0~a2-2.fc41
Update description:
Security fix for CVE-2024-12254
python3.14-3.14.0~a2-2.fc40
FEDORA-2024-b2cebcbb49
Packages in this update:
python3.14-3.14.0~a2-2.fc40
Update description:
Security fix for CVE-2024-12254
python3.14-3.14.0~a2-2.fc42
FEDORA-2024-fbd80e45ef
Packages in this update:
python3.14-3.14.0~a2-2.fc42
Update description:
Automatic update for python3.14-3.14.0~a2-2.fc42.
Changelog
* Sun Dec 8 2024 Charalampos Stratakis <cstratak@redhat.com> – 3.14.0~a2-2
– Security fix for CVE-2024-12254
– Fixes: rhbz#2330928
icecat-115.18.0-2.rh2.fc40
FEDORA-2024-7f67755963
Packages in this update:
icecat-115.18.0-2.rh2.fc40
Update description:
Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692
icecat-115.18.0-2.rh2.fc41
FEDORA-2024-ff0115e6ac
Packages in this update:
icecat-115.18.0-2.rh2.fc41
Update description:
Fix CVE-2024-11693 CVE-2024-11697 CVE-2024-11692
python-nbdime-4.0.2-2.fc40
FEDORA-2024-d32fd0e2d1
Packages in this update:
python-nbdime-4.0.2-2.fc40
Update description:
This update fixes CVE-2024-55565 by updating the vendored JavaScript to include a version of nanoid without the security issue.
python-nbdime-4.0.2-2.fc41
FEDORA-2024-01e170c1ac
Packages in this update:
python-nbdime-4.0.2-2.fc41
Update description:
This update fixes CVE-2024-55565 by updating the vendored JavaScript to include a version of nanoid without the security issue.