Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service.
libreoffice-7.6.7.2-1.fc39
7.6.7.2
Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated
input from a file into a string-type “eval”. An attacker could craft a
malicious file to achieve arbitrary code execution.
firefox-126.0-7.fc38
Fixed DBus service to not run without Gnome search requests
new upstream update (126.0)
New upstream version (125.0.3)
Latest upstream release.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)
Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)
Thomas Rinsma discovered that Firefox did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)
Irvan Kurniawan discovered that Firefox did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)
Posted by Asterisk Development Team via Fulldisclosure on May 20
The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1
## Change Log for Release asterisk-20.8.1
### Links:
– [Full ChangeLog](…
Posted by Asterisk Development Team via Fulldisclosure on May 20
The Asterisk Development Team would like to announce security release
Asterisk 21.3.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.3.1
## Change Log for Release asterisk-21.3.1
### Links:
– [Full ChangeLog](…
Posted by Asterisk Development Team via Fulldisclosure on May 20
The Asterisk Development Team would like to announce security release
Asterisk 18.23.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.23.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 18.23.1
## Change Log for Release asterisk-18.23.1
### Links:
– [Full ChangeLog](…
Posted by Andrea Intilangelo on May 20
CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package
Use CVE-2024-34058.
Additional info:
NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices and medium
enterprises. From their website: “It’s simple, secure and flexible” and “ready to deliver your messages, to protect
your network with the built-in firewall, share your files and much more,…
chromium-125.0.6422.60-3.el7
update to 125.0.6422.60
High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads
