libopenmpt-0.7.6-1.fc39
Bring all current releases from either version 0.7.3 or 0.6.12 to version 0.7.6 for more bug-fixes and also as to resolve potential security issues: https://lib.openmpt.org/libopenmpt/news/
A vulnerability has been discovered in XZ Utils that could allow for remote code execution. XZ is a general-purpose data compression format present in nearly every Linux distribution, both community projects and commercial product distributions. Successful exploitation of this vulnerability could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.
c-ares-1.28.0-1.fc40
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.0-1.fc39
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.0-1.fc38
Update to 1.28.0. Also fixes CVE-2024-25629.
cockpit-314-1.fc40
Automatic update for cockpit-314-1.fc40.
* Thu Mar 28 2024 Packit <hello@packit.dev> – 314-1
– Diagnostic reports: Fix command injection vulnerability with crafted report names
– Storage: Improvements to read-only encrypted filesystems
cockpit-314-1.fc39
Automatic update for cockpit-314-1.fc39.
Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Network drivers;
– PWM drivers;
(CVE-2024-26597, CVE-2024-26599)
