FEDORA-2024-cd94b2df32

Packages in this update:

et-6.2.1-15.fc40

Update description:

Unbundle cpp-httlib, fixing CVE-2023-26130

Read More

FEDORA-2024-34474f346b

Packages in this update:

clamav-1.0.6-1.fc40

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

FEDORA-2024-1a79c2ef63

Packages in this update:

clamav-1.0.6-1.fc39

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

FEDORA-EPEL-2024-25c9732d41

Packages in this update:

clamav-1.0.6-1.el9

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

FEDORA-2024-92b8ac25a5

Packages in this update:

clamav-1.0.6-1.fc38

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

https://security-tracker.debian.org/tracker/DSA-5675-1

Read More

It was discovered that nghttp2 incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
nghttp2 to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,
CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause nghttp2 to consume
resources, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number
of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this
issue to cause nghttp2 to consume resources, leading to a denial of
service. (CVE-2024-28182)

Read More

Thomas Neil James Shadwell discovered that CryptoJS was using an insecure
cryptographic default configuration. A remote attacker could possibly use
this issue to expose sensitive information.

Read More

It was discovered that Zabbix incorrectly handled input data in the
discovery and graphs pages. A remote authenticated attacker could possibly
use this issue to perform reflected cross-site scripting (XSS) attacks.
(CVE-2022-35229, CVE-2022-35230)

Read More

It was discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service.

Read More