FEDORA-2024-a702b78744

Packages in this update:

python3.6-3.6.15-30.fc40

Update description:

Security fix for CVE-2024-0450 and CVE-2023-6597

Read More

It was discovered that VLC incorrectly handled certain media files.
A remote attacker could possibly use this issue to cause VLC to crash,
resulting in a denial of service, or potential arbitrary code execution.

Read More

FEDORA-2024-44edce9689

Packages in this update:

chromium-125.0.6422.76-1.fc40

Update description:

update to 125.0.6422.76

* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn

Read More

FEDORA-2024-87bb7ffab1

Packages in this update:

chromium-125.0.6422.76-1.fc39

Update description:

update to 125.0.6422.76

* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn

Read More

FEDORA-2024-ed93e6d44f

Packages in this update:

wireshark-4.0.15-1.fc39

Update description:

New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855.

Read More

FEDORA-2024-cd1f01e5d9

Packages in this update:

wireshark-4.2.5-1.fc40

Update description:

New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855.

Read More

FEDORA-EPEL-2024-1f1aef9c1c

Packages in this update:

roundcubemail-1.5.7-1.el9

Update description:

Release 1.5.7

Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
Fix TinyMCE localization installation (#9266)
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes

Read More

FEDORA-2024-a591b4dc74

Packages in this update:

roundcubemail-1.6.7-1.fc39

Update description:

Release 1.6.7

Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes

Read More

FEDORA-2024-680b8ba54e

Packages in this update:

roundcubemail-1.6.7-1.fc40

Update description:

Release 1.6.7

Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes

Read More

FEDORA-EPEL-2024-17176c2215

Packages in this update:

cacti-1.2.27-1.el9
cacti-spine-1.2.27-1.el9

Update description:

Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.

https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG

Read More