FEDORA-2024-7e4f058c2f
Packages in this update:
mingw-python-requests-2.32.0-1.fc39
Update description:
Update to requests-2.32.0, fixes CVE-2024-35195.
mingw-python-requests-2.32.0-1.fc39
Update to requests-2.32.0, fixes CVE-2024-35195.
mingw-python-requests-2.32.0-1.fc40
Update to requests-2.32.0, fixes CVE-2024-35195.
oci-cli-3.41.0-1.fc41
python-oci-2.126.4-1.fc41
oci-cli 3.41.0
Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service.
libreoffice-7.6.7.2-1.fc39
7.6.7.2
Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated
input from a file into a string-type “eval”. An attacker could craft a
malicious file to achieve arbitrary code execution.
firefox-126.0-7.fc38
Fixed DBus service to not run without Gnome search requests
new upstream update (126.0)
New upstream version (125.0.3)
Latest upstream release.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)
Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)
Thomas Rinsma discovered that Firefox did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)
Irvan Kurniawan discovered that Firefox did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)
Posted by Asterisk Development Team via Fulldisclosure on May 20
The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1
## Change Log for Release asterisk-20.8.1
### Links:
– [Full ChangeLog](…
Posted by Asterisk Development Team via Fulldisclosure on May 20
The Asterisk Development Team would like to announce security release
Asterisk 21.3.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.3.1
## Change Log for Release asterisk-21.3.1
### Links:
– [Full ChangeLog](…