Category Archives: Advisories

USN-6704-2: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

ghc-base64-0.4.2.4-28.fc39 ghc-hakyll-4.16.2.0-4.fc39 ghc-isocline-1.0.9-28.fc39 ghc-toml-parser-1.3.2.0-29.fc39 gitit-0.15.1.1-6.fc39 pandoc-3.1.3-29.fc39 pandoc-cli-3.1.3-29.fc39 patat-0.11.0.0-1.fc39

FEDORA-2024-b458482d48

Packages in this update:

ghc-base64-0.4.2.4-28.fc39
ghc-hakyll-4.16.2.0-4.fc39
ghc-isocline-1.0.9-28.fc39
ghc-toml-parser-1.3.2.0-29.fc39
gitit-0.15.1.1-6.fc39
pandoc-3.1.3-29.fc39
pandoc-cli-3.1.3-29.fc39
patat-0.11.0.0-1.fc39

Update description:

Security fix for CVE-2023-35936 and CVE-2023-38745

pandoc:

backport fixes for CVE-2023-35936 and CVE-2023-38745

pandoc-cli:

new package for pandoc binary

patat:

update to 0.11.0.0 and enable tests

base64, isocline, toml-parser: now packaged in Fedora

php-tcpdf-6.7.4-1.fc40

FEDORA-2024-bc7d40eb2e

Packages in this update:

php-tcpdf-6.7.4-1.fc40

Update description:

Version 6.7.4 (2024-03-21)

Upgrade tcpdf tag encryption algorithm.

Version 6.7.3 (2024-03-20)

Fix regression issue #699.

Version 6.7.2 (2024-03-18)

Fix security issue.
[BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcpdf HTML tag.
Raised minimum PHP version to PHP 5.5.0.

chromium-123.0.6312.58-1.fc39

FEDORA-2024-ec79868e3b

Packages in this update:

chromium-123.0.6312.58-1.fc39

Update description:

Update to 123.0.6312.58

* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
