chromium-125.0.6422.60-1.fc39
update to 125.0.6422.60
* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– MAC80211 subsystem;
– Tomoyo security module;
(CVE-2024-26622, CVE-2023-52530)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Hardware random number generator core;
– Ext4 file system;
– JFS file system;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– Logical Link layer;
– Netlink;
– Tomoyo security module;
(CVE-2024-26704, CVE-2023-52615, CVE-2024-26805, CVE-2023-52604,
CVE-2024-26614, CVE-2023-52602, CVE-2024-26635, CVE-2024-26622,
CVE-2023-52601, CVE-2024-26801)
dotnet7.0-7.0.119-1.fc38
This is the May 2024 security update for .NET 7.
This is the last upstream release of .NET 7. After this update, .NET 7 reaches its End of Life (EOL).
Full release notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.19/7.0.19.md
dotnet7.0-7.0.119-1.fc39
This is the May 2024 security update for .NET 7.
This is the last upstream release of .NET 7. After this update, .NET 7 reaches its End of Life (EOL).
Full release notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.19/7.0.19.md
It was discovered that .NET did not properly handle memory in it’s
Double Parse routine. An attacker could possibly use this issue to
achieve remote code execution. (CVE-2024-30045)
It was discovered that .NET did not properly handle the usage of a
shared resource. An attacker could possibly use this to cause a dead-lock
condition, resulting in a denial of service. (CVE-2024-30046)
thunderbird-115.11.0-1.fc39
Update to 115.11.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
https://www.thunderbird.net/en-US/thunderbird/115.11.0/releasenotes/
python-jinja2-3.1.4-1.fc40
Update to 3.1.4 (rhbz#2279211,rhbz#2279491)
python-jinja2-3.1.4-1.fc39
Update to 3.1.4 (rhbz#2279211,rhbz#2279491)
python-jinja2-3.1.4-1.fc38
Update to 3.1.4 (rhbz#2279211,rhbz#2279491)
