Category Archives: Advisories

perl-Clipboard-0.29-1.fc41

Read Time:17 Second

FEDORA-2024-966c267928

Packages in this update:

perl-Clipboard-0.29-1.fc41

Update description:

Automatic update for perl-Clipboard-0.29-1.fc41.

Changelog

* Wed Apr 10 2024 Xavier Bachelot <xavier@bachelot.org> – 0.29-1
– Update to 0.29 (RHBZ#2273832)
– Fixes RHBZ#2257224 and RHBZ#2257225
– Convert License: to SPDX

Read More

USN-6727-1: NSS vulnerabilities

Read Time:39 Second

It was discovered that NSS incorrectly handled padding when checking PKCS#1
certificates. A remote attacker could possibly use this issue to perform
Bleichenbacher-like attacks and recover private data. This issue only
affected Ubuntu 20.04 LTS. (CVE-2023-4421)

It was discovered that NSS had a timing side-channel when performing RSA
decryption. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-5388)

It was discovered that NSS had a timing side-channel when using certain
NIST curves. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-6135)

The NSS package contained outdated CA certificates. This update refreshes
the NSS package to version 3.98 which includes the latest CA certificate
bundle and other security improvements.

Read More

wordpress-6.5.2-1.fc40

Read Time:20 Second

FEDORA-2024-e6d3143991

Packages in this update:

wordpress-6.5.2-1.fc40

Update description:

Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”

Read More

wordpress-6.5.2-1.fc39

Read Time:20 Second

FEDORA-2024-8ffb095abb

Packages in this update:

wordpress-6.5.2-1.fc39

Update description:

Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”

Read More

wordpress-6.5.2-1.el9

Read Time:21 Second

FEDORA-EPEL-2024-7c7a65fa6c

Packages in this update:

wordpress-6.5.2-1.el9

Update description:

Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release

Security updates included in this release

A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Upstream announcement: WordPress 6.5 “Regina”

Read More

wordpress-6.4.4-1.fc38

Read Time:17 Second

FEDORA-2024-0a2f144348

Packages in this update:

wordpress-6.4.4-1.fc38

Update description:

WordPress 6.4.4 Security Release

Security updates included in this release

A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.

Read More

USN-6719-2: util-linux vulnerability

Read Time:21 Second

USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was
discovered that the fix did not fully address the issue. This update
removes the setgid permission bit from the wall and write utilities.

Original advisory details:

Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.

Read More