FEDORA-EPEL-2024-25c9732d41

Packages in this update:

clamav-1.0.6-1.el9

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

FEDORA-2024-92b8ac25a5

Packages in this update:

clamav-1.0.6-1.fc38

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occured when scanning some PNG files.

GitHub pull requesthttps://github.com/Cisco-Talos/clamav/pull/1216

Read More

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

https://security-tracker.debian.org/tracker/DSA-5675-1

Read More

It was discovered that nghttp2 incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
nghttp2 to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,
CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause nghttp2 to consume
resources, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number
of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this
issue to cause nghttp2 to consume resources, leading to a denial of
service. (CVE-2024-28182)

Read More

Thomas Neil James Shadwell discovered that CryptoJS was using an insecure
cryptographic default configuration. A remote attacker could possibly use
this issue to expose sensitive information.

Read More

It was discovered that Zabbix incorrectly handled input data in the
discovery and graphs pages. A remote authenticated attacker could possibly
use this issue to perform reflected cross-site scripting (XSS) attacks.
(CVE-2022-35229, CVE-2022-35230)

Read More

It was discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service.

Read More

FEDORA-2024-48bdd3abbf

Packages in this update:

ruby-3.2.4-182.fc38

Update description:

Upgrade to Ruby 3.2.4.

Read More

FEDORA-2024-31cac8b8ec

Packages in this update:

ruby-3.2.4-182.fc39

Update description:

Upgrade to Ruby 3.2.4.

Read More

FEDORA-EPEL-2024-0c24da3136

Packages in this update:

chromium-124.0.6367.78-1.el9

Update description:

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn

Read More