FEDORA-2024-e6a35cd250
Packages in this update:
freeimage-3.19.0-0.23.svn1909.fc38
mingw-freeimage-3.19.0-0.20.svn1909.fc38
Update description:
Add downstream fixes for CVE-2023-47995 and CVE-2023-47997.
freeimage-3.19.0-0.23.svn1909.fc38
mingw-freeimage-3.19.0-0.20.svn1909.fc38
Add downstream fixes for CVE-2023-47995 and CVE-2023-47997.
freeimage-3.19.0-0.23.svn1909.fc39
mingw-freeimage-3.19.0-0.20.svn1909.fc39
Add downstream fixes for CVE-2023-47995 and CVE-2023-47997.
chromium-122.0.6261.111-1.el7
Upstream security release 122.0.6261.111
* High CVE-2024-2173: Out of bounds memory access in V8
* High CVE-2024-2174: Inappropriate implementation in V8
* High CVE-2024-2176: Use after free in FedCM
chromium-122.0.6261.111-1.el9
Upstream security release 122.0.6261.111
* High CVE-2024-2173: Out of bounds memory access in V8
* High CVE-2024-2174: Inappropriate implementation in V8
* High CVE-2024-2176: Use after free in FedCM
chromium-122.0.6261.111-1.el8
Upstream security release 122.0.6261.111
* High CVE-2024-2173: Out of bounds memory access in V8
* High CVE-2024-2174: Inappropriate implementation in V8
* High CVE-2024-2176: Use after free in FedCM
mingw-expat-2.6.1-1.fc40
Update to 2.6.1, backport fix for CVE-2024-28757.
mingw-expat-2.6.1-1.fc38
Update to 2.6.1, backport fix for CVE-2024-28757.
mingw-expat-2.6.1-1.fc39
Update to 2.6.1, backport fix for CVE-2024-28757.
pgadmin4-8.4-1.fc40
python-jsonformatter-0.3.2-2.fc40
Update to pgadmin4-8.4.
It was discovered that the uv_getaddrinfo() function in libuv, an
asynchronous event notification library, incorrectly truncated certain
hostnames, which may result in bypass of security measures on internal
APIs or SSRF attacks.