Read Time:10 Second
FEDORA-2024-a09456b7a9
Packages in this update:
curl-8.6.0-8.fc40
Update description:
fix Usage of disabled protocol (CVE-2024-2004)
fix HTTP/2 push headers memory-leak (CVE-2024-2398)
Category Archives: Advisories
nghttp2-1.55.1-5.fc39
Read Time:7 Second
FEDORA-2024-a00de83de9
Packages in this update:
nghttp2-1.55.1-5.fc39
Update description:
fix CONTINUATION frames DoS (CVE-2024-28182)
nghttp2-1.59.0-3.fc40
Read Time:7 Second
FEDORA-2024-da8cdd8414
Packages in this update:
nghttp2-1.59.0-3.fc40
Update description:
fix CONTINUATION frames DoS (CVE-2024-28182)
chromium-123.0.6312.105-1.fc40
Read Time:15 Second
FEDORA-2024-f92626814d
Packages in this update:
chromium-123.0.6312.105-1.fc40
Update description:
update to 123.0.6312.105
High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8
xorg-x11-server-Xwayland-22.1.9-6.fc38
Read Time:9 Second
FEDORA-2024-dd905788c4
Packages in this update:
xorg-x11-server-Xwayland-22.1.9-6.fc38
Update description:
CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083
kernel-6.8.3-200.fc39 kernel-headers-6.8.3-200.fc39
Read Time:13 Second
FEDORA-2024-7dd4b3b9a4
Packages in this update:
kernel-6.8.3-200.fc39
kernel-headers-6.8.3-200.fc39
Update description:
The 6.8.3 stable kernel rebase contains improved hardware support, new features, and a number of important fixes across the tree.
USN-6710-2: Firefox regressions
Read Time:30 Second
USN-6710-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Manfred Paul discovered that Firefox did not properly perform bounds
checking during range analysis, leading to an out-of-bounds write
vulnerability. A attacker could use this to cause a denial of service,
or execute arbitrary code. (CVE-2024-29943)
Manfred Paul discovered that Firefox incorrectly handled MessageManager
listeners under certain circumstances. An attacker who was able to inject
an event handler into a privileged object may have been able to execute
arbitrary code. (CVE-2024-29944)
DSA-5655-1 cockpit – security update
Read Time:12 Second
It was discovered that Cockpit, a web console for Linux servers, was
susceptible to arbitrary command execution if an administrative user
was tricked into opening an sosreport file with a malformed filename.
xorg-x11-server-Xwayland-23.2.5-1.fc39
Read Time:10 Second
FEDORA-2024-a1d440af5c
Packages in this update:
xorg-x11-server-Xwayland-23.2.5-1.fc39
Update description:
CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083
trafficserver-9.2.4-1.fc39
Read Time:9 Second
FEDORA-2024-b1e16b4335
Packages in this update:
trafficserver-9.2.4-1.fc39
Update description:
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)