chromium-123.0.6312.122-1.el7
update to 123.0.6312.122
High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn
Bartek Nowotarski discovered that Apache Traffic Server, a reverse and
forward proxy server, was susceptible to denial of service via HTTP2
continuation frames.
kernel-6.8.6-200.fc39
The 6.8.6 stable kernel update contains a number of important fixes across the tree.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
What is the vulnerability/attack?
A critical unauthenticated remote code injection vulnerability in the PAN-OS GlobalProtect Gateway was discovered. This vulnerability tracked under CVE-2024-3400 has a CVSS rating of 10.0. The GlobalProtect Gateway provides security solution for roaming users by extending the same next-generation firewall-based policies. According to the vendor advisory, active exploitation is on-going.
What is the recommended Mitigation?
The vendor has released a threat prevention signature and is currently developing a hotfix releases of PAN-OS.
What FortiGuard Coverage is available?
As the situation is still developing; the FortiGuard team will update the threat signal and provide more information on related protections as they are released. FortiGuard Incident Response team can be engaged to help with any suspected compromise.
unbound-1.19.3-1.fc38
Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672.
Bug fixes
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-3
unbound-1.19.3-1.fc39
Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672.
Bug fixes
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-3
unbound-1.19.3-1.fc40
Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672.
Bug fixes
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-3
CVE-2024-1931 – Fix trim of EDE text from large udp responses from spinning cpu.
unbound-1.19.3-1.fc41
Automatic update for unbound-1.19.3-1.fc41.
* Fri Apr 12 2024 Petr Menšík <pemensik@redhat.com> – 1.19.3-1
– Update to 1.19.3 (rhbz#2268404)
– Fix CVE-2024-1931, Denial of service when trimming EDE text on positive
replies. (rhbz#2268419)
– Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672.
– Bug fixes
* Sat Mar 9 2024 Paul Wouters <paul.wouters@aiven.io> – 1.19.1-4
– Add spec file comment
chromium-123.0.6312.122-1.fc40
update to 123.0.6312.122
* High CVE-2024-3157: Out of bounds write in Compositing
* High CVE-2024-3516: Heap buffer overflow in ANGLE
* High CVE-2024-3515: Use after free in Dawn
