FEDORA-2024-66b0bdad35
Packages in this update:
yarnpkg-1.22.22-5.fc40
Update description:
Update bundled ws (CVE-2024-37890)
Update bundled elliptic to fix CVE-2024-48949.
yarnpkg-1.22.22-5.fc40
Update bundled ws (CVE-2024-37890)
Update bundled elliptic to fix CVE-2024-48949.
rust-pyo3-0.22.4-1.el9
rust-pyo3-build-config-0.22.4-1.el9
rust-pyo3-ffi-0.22.4-1.el9
rust-pyo3-macros-0.22.4-1.el9
rust-pyo3-macros-backend-0.22.4-1.el9
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
rust-pyo3-0.22.4-1.el10_0
rust-pyo3-build-config-0.22.4-1.el10_0
rust-pyo3-ffi-0.22.4-1.el10_0
rust-pyo3-macros-0.22.4-1.el10_0
rust-pyo3-macros-backend-0.22.4-1.el10_0
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
rust-pyo3-0.22.4-1.fc39
rust-pyo3-build-config-0.22.4-1.fc39
rust-pyo3-ffi-0.22.4-1.fc39
rust-pyo3-macros-0.22.4-1.fc39
rust-pyo3-macros-backend-0.22.4-1.fc39
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
rust-pyo3-0.22.4-1.fc40
rust-pyo3-build-config-0.22.4-1.fc40
rust-pyo3-ffi-0.22.4-1.fc40
rust-pyo3-macros-0.22.4-1.fc40
rust-pyo3-macros-backend-0.22.4-1.fc40
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
yarnpkg-1.22.22-4.fc39
Update bundled dependencies to fix CVE-2024-48949.
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
It was discovered that ImageMagick incorrectly handled certain
malformed image files. If a user or automated system using ImageMagick
were tricked into processing a specially crafted file, an attacker could
exploit this to cause a denial of service or affect the reliability of the
system. The vulnerabilities included memory leaks, buffer overflows, and
improper handling of pixel data.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47966.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47962.