Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
flatpak-runtime-f40-2 flatpak-sdk-f40-1
FEDORA-FLATPAK-2024-a3977e7532
Packages in this update:
flatpak-runtime-f40-2
flatpak-sdk-f40-1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 40 security and bug-fix errata.
In addition, this update includes an updated nss 3.99.0, which is needed for the upcoming Firefox 125.0 update.
thunderbird-115.10.1-1.fc39
FEDORA-2024-3c48fb76ea
Packages in this update:
thunderbird-115.10.1-1.fc39
Update description:
Update to 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
Update to 115.10.0
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
thunderbird-115.10.1-1.fc38
FEDORA-2024-d9f71e759e
Packages in this update:
thunderbird-115.10.1-1.fc38
Update description:
Update to 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
Update to 115.10.0
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
python-aiohttp-3.9.5-1.fc41
FEDORA-2024-c4a71dab58
Packages in this update:
python-aiohttp-3.9.5-1.fc41
Update description:
Automatic update for python-aiohttp-3.9.5-1.fc41.
Changelog
* Fri Apr 19 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 3.9.5-1
- Update to 3.9.5 (fix RHBZ#2275991, fix CVE-2024-27306)
USN-6744-2: Pillow vulnerability
USN-6744-1 fixed a vulnerability in Pillow (Python 3). This update
provides the corresponding updates for Pillow (Python 2) in
Ubuntu 20.04 LTS.
Original advisory details:
Hugo van Kemenade discovered that Pillow was not properly performing
bounds checks when processing an ICC file, which could lead to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ICC file, an attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
python-dns-2.6.1-1.fc40
FEDORA-2024-930af3332f
Packages in this update:
python-dns-2.6.1-1.fc40
Update description:
Update to 2.6.1 (rhbz#2263657) (refix for CVE-2023-29483)
USN-6745-1: Percona XtraBackup vulnerability
It was discovered that in Percona XtraBackup, a locally crafted filename
could trigger arbitrary code execution.
USN-6738-1: LXD vulnerability
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD
incorrectly handled the handshake phase and the use of sequence numbers in SSH
Binary Packet Protocol (BPP). If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could possibly
use this issue to bypass integrity checks.
USN-6744-1: Pillow vulnerability
Hugo van Kemenade discovered that Pillow was not properly performing
bounds checks when processing an ICC file, which could lead to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ICC file, an attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.