FEDORA-2024-46374d2703
Packages in this update:
python3.6-3.6.15-27.fc40
Update description:
Security fix for CVE-2007-4559.
python3.6-3.6.15-27.fc40
Security fix for CVE-2007-4559.
python3.6-3.6.15-27.fc41
Automatic update for python3.6-3.6.15-27.fc41.
* Thu Feb 29 2024 Charalampos Stratakis <cstratak@redhat.com> – 3.6.15-27
– Security fix for CVE-2007-4559
– Fixes: rhbz#2141080
It was discovered that HtmlCleaner incorrectly handled certain html
documents. An attacker could possibly use this issue to cause a denial
of service via application crash.
openvswitch-3.2.2-1.fc39
Update to 3.2.2
It indirectly fix CVE-2023-3966 and CVE-2023-5366
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11076)
It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11077)
Jean Boussier discovered that Puma might not always release resources
properly after handling HTTP requests. A remote attacker could possibly
use this issue to read sensitive information. (CVE-2022-23634)
It was discovered that Puma incorrectly handled certain malformed headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2022-24790)
Ben Kallus discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2023-40175)
Bartek Nowotarski discovered that Puma incorrectly handled parsing certain
encoded content. A remote attacker could possibly use this to cause a
denial of service. (CVE-2024-21647)
openvswitch-3.3.0-1.fc40
Update to 3.3.0
Remove network-scripts subpackage starting from Fedora 40
Backport a simple fix to avoid “SSL db: implementation” test to fail
It also indirectly fix CVE-2023-3966 and CVE-2023-5366
iwd-2.16-1.fc40
iwd 2.16:
Fix issue with uninitialized variable and DPP encrypt.
Fix issue with Access Point mode and ATTR_MAC validation.
Fix issue with Access Point mode and frequency attributes.
Fix issue with P2P and handling client info description.
Fix issue with P2P and handling parsing of service info.
Fix issue with netconfig and handling domain list.
Add support for forcing a default ECC group.
iwd-2.16-1.fc39
iwd 2.16:
Fix issue with uninitialized variable and DPP encrypt.
Fix issue with Access Point mode and ATTR_MAC validation.
Fix issue with Access Point mode and frequency attributes.
Fix issue with P2P and handling client info description.
Fix issue with P2P and handling parsing of service info.
Fix issue with netconfig and handling domain list.
Add support for forcing a default ECC group.
opensc-0.25.0-1.fc40
New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
opensc-0.25.0-1.fc39
New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454