Charles Fol discovered that the iconv() function in the GNU C library is
prone to a buffer overflow vulnerability when converting strings to the
ISO-2022-CN-EXT character set, which may lead to denial of service
(application crash) or the execution of arbitrary code.
Category Archives: Advisories
openssl3-3.2.1-1.1.el8
FEDORA-EPEL-2024-b002585dd2
Packages in this update:
openssl3-3.2.1-1.1.el8
Update description:
Merge in changes from c9s’ openssl to pick up various CVE fixes and other bugfixes
nextcloud-28.0.4-2.fc38
FEDORA-2024-d67f9827b2
Packages in this update:
nextcloud-28.0.4-2.fc38
Update description:
Fix typo and 2 RPM build warnings
update to 28.0.3
fix CVE-2024-22403
firefox-flatpak-125.0.2-1
FEDORA-FLATPAK-2024-57e9bcf6a3
Packages in this update:
firefox-flatpak-125.0.2-1
Update description:
Firefox 125.0 release. For details, see https://www.mozilla.org/en-US/firefox/125.0/releasenotes/
Please note that this update depends on the flatpak runtime update from https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2024-a3977e7532
USN-6743-2: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– JFS file system;
– BPF subsystem;
– Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
flatpak-runtime-f40-2 flatpak-sdk-f40-1
FEDORA-FLATPAK-2024-a3977e7532
Packages in this update:
flatpak-runtime-f40-2
flatpak-sdk-f40-1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 40 security and bug-fix errata.
In addition, this update also includes updated nss 3.99.0 that’s needed for upcoming firefox 125.0 update.
thunderbird-115.10.1-1.fc39
FEDORA-2024-3c48fb76ea
Packages in this update:
thunderbird-115.10.1-1.fc39
Update description:
Update to 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
Update to 115.10.0
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
thunderbird-115.10.1-1.fc38
FEDORA-2024-d9f71e759e
Packages in this update:
thunderbird-115.10.1-1.fc38
Update description:
Update to 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
Update to 115.10.0
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
python-aiohttp-3.9.5-1.fc41
FEDORA-2024-c4a71dab58
Packages in this update:
python-aiohttp-3.9.5-1.fc41
Update description:
Automatic update for python-aiohttp-3.9.5-1.fc41.
Changelog
* Fri Apr 19 2024 Benjamin A. Beasley <code@musicinmybrain.net> – 3.9.5-1
– Update to 3.9.5 (fix RHBZ#2275991, fix CVE-2024-27306)
USN-6744-2: Pillow vulnerability
USN-6744-1 fixed a vulnerability in Pillow (Python 3). This update
provides the corresponding updates for Pillow (Python 2) in
Ubuntu 20.04 LTS.
Original advisory details:
Hugo van Kemenade discovered that Pillow was not properly performing
bounds checks when processing an ICC file, which could lead to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ICC file, an attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.