FEDORA-2024-ec22e51ec2
Packages in this update:
nghttp2-1.52.0-3.fc38
Update description:
fix CONTINUATION frames DoS (CVE-2024-28182)
nghttp2-1.52.0-3.fc38
fix CONTINUATION frames DoS (CVE-2024-28182)
curl-8.6.0-8.fc40
fix Usage of disabled protocol (CVE-2024-2004)
fix HTTP/2 push headers memory-leak (CVE-2024-2398)
nghttp2-1.55.1-5.fc39
fix CONTINUATION frames DoS (CVE-2024-28182)
nghttp2-1.59.0-3.fc40
fix CONTINUATION frames DoS (CVE-2024-28182)
chromium-123.0.6312.105-1.fc40
update to 123.0.6312.105
High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8
xorg-x11-server-Xwayland-22.1.9-6.fc38
CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083
kernel-6.8.3-200.fc39
kernel-headers-6.8.3-200.fc39
The 6.8.3 stable kernel rebase contains improved hardware support, new features, and a number of important fixes across the tree.
USN-6710-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Manfred Paul discovered that Firefox did not properly perform bounds
checking during range analysis, leading to an out-of-bounds write
vulnerability. A attacker could use this to cause a denial of service,
or execute arbitrary code. (CVE-2024-29943)
Manfred Paul discovered that Firefox incorrectly handled MessageManager
listeners under certain circumstances. An attacker who was able to inject
an event handler into a privileged object may have been able to execute
arbitrary code. (CVE-2024-29944)
It was discovered that Cockpit, a web console for Linux servers, was
susceptible to arbitrary command execution if an administrative user
was tricked into opening an sosreport file with a malformed filename.
xorg-x11-server-Xwayland-23.2.5-1.fc39
CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083