chromium-123.0.6312.105-1.fc38
update to 123.0.6312.105
* High CVE-2024-3156: Inappropriate implementation in V8
* High CVE-2024-3158: Use after free in Bookmarks
* High CVE-2024-3159: Out of bounds memory access in V8
jose-13-1.fc38
Security fix for CVE-2023-50967
jose-13-1.fc39
Security fix for CVE-2023-50967
jose-13-1.fc40
Security fix for CVE-2023-50967
It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-1872)
Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory).(CVE-2023-4569)
It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.(CVE-2023-6176)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)
Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2024-0646)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)
clojure-1.8.0-3.el7
Security fix for CVE-2024-22871
Posted by Security Explorations on Apr 02
Hello All,
It’s been 1.5 years since Microsoft got a notification about PlayReady issues
affecting Canal+ VOD service in Poland [1].
Per information received from Microsoft back then:
1) “to maintain the integrity of the PlayReady ecosystem, the company takes
reports such as (ours) very seriously” (Oct 7, 2022),
2) the STB manufacturer committed to mitigate the incident (Nov 18, 2022).
However, as of late Mar 2024, no change…
Claudio Bozzato discovered multiple security issues in gtkwave, a file
waveform viewer for VCD (Value Change Dump) files, which may result in the
execution of arbitrary code if malformed files are opened.
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
libdwarf-0.9.2-1.fc40
Update to latest upstream release.
