Read Time:11 Second
FEDORA-EPEL-2024-59fe4b1ed6
Packages in this update:
zabbix6.0-6.0.36-1.el8
Update description:
Update to 6.0.36
CVE-2024-42330, CVE-2024-42332 rhbz#2329220, CVE-2024-42333 rhbz#2329223
Category Archives: Advisories
zabbix-6.0.36-1.el9
Read Time:11 Second
FEDORA-EPEL-2024-a84aa88792
Packages in this update:
zabbix-6.0.36-1.el9
Update description:
Update to 6.0.36
CVE-2024-42330 rhbz#2329218, CVE-2024-42332 rhbz#2329221, CVE-2024-42333 rhbz#2329224
zabbix-6.0.36-1.fc40
Read Time:11 Second
FEDORA-2024-bcdea6e995
Packages in this update:
zabbix-6.0.36-1.fc40
Update description:
Update to 6.0.36
CVE-2024-42330 rhbz#2329219, CVE-2024-42332 rhbz#2329222, CVE-2024-42333 rhbz#2329225
php-extras-8.0.30-2.el9
Read Time:20 Second
FEDORA-EPEL-2024-366dd673ff
Packages in this update:
php-extras-8.0.30-2.el9
Update description:
Security fixes backported from 8.1.31
PDO DBLIB:
Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) (nielsdos)
PDO Firebird:
Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) (nielsdos)
webkitgtk-2.46.4-1.fc41
Read Time:21 Second
FEDORA-2024-472d01833c
Packages in this update:
webkitgtk-2.46.4-1.fc41
Update description:
Improve memory consumption and performance of Canvas getImageData.
Fix preserve-3D intersection rendering.
Fix video dimensions since GStreamer 1.24.9.
Fix the HTTP-based remote Web Inspector not loading in Chromium.
Fix content filters not working on about:blank iframes.
Fix several crashes and rendering issues.
Fix CVE-2024-44308, CVE-2024-44309
webkitgtk-2.46.4-1.fc40
Read Time:21 Second
FEDORA-2024-4014fa4ecc
Packages in this update:
webkitgtk-2.46.4-1.fc40
Update description:
Improve memory consumption and performance of Canvas getImageData.
Fix preserve-3D intersection rendering.
Fix video dimensions since GStreamer 1.24.9.
Fix the HTTP-based remote Web Inspector not loading in Chromium.
Fix content filters not working on about:blank iframes.
Fix several crashes and rendering issues.
Fix CVE-2024-44308, CVE-2024-44309
thunderbird-128.5.0-1.fc40
Read Time:12 Second
FEDORA-2024-515180fdb3
Packages in this update:
thunderbird-128.5.0-1.fc40
Update description:
Update to 128.5.0
https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/
thunderbird-128.5.0-1.fc41
Read Time:12 Second
FEDORA-2024-07f6b6766c
Packages in this update:
thunderbird-128.5.0-1.fc41
Update description:
Update to 128.5.0
https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/
pam-1.6.1-5.fc40
Read Time:7 Second
FEDORA-2024-45478608e2
Packages in this update:
pam-1.6.1-5.fc40
Update description:
pam_access: rework resolving of tokens as hostname.
uv-0.5.5-2.fc40
Read Time:2 Minute, 29 Second
FEDORA-2024-075f626765
Packages in this update:
uv-0.5.5-2.fc40
Update description:
Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the following notes.
By updating to a current release of uv, this update fixes CVE-2024-53899, which was originally reported against virtualenv but which was also reproducible on uv 0.5.2 and earlier. See upstream issue #9424 for more details.
This update adds a default system-wide configuration file /etc/uv/uv.toml with settings specific to Fedora. The RPM-packaged uv now deviates from the default configuration in two ways.
First, we set “python-downloads” to “manual” in order to avoid unintended Python downloads. We suggest using RPM-packaged (system) Pythons that benefit from distribution maintenance and integration. Use uv python install to manually install managed Pythons.
Second, we set “python-preference” to “system” instead of “managed”. Otherwise, any managed Python would be used for uv operations where no particular Python is specified, even if the only available managed Python were much older than the primary system Python.
No choices can be appropriate for all users and applications. To restore the default behavior, comment out settings in this file or override them in a configuration file with higher precedence, such as a user-level configuration file. See https://docs.astral.sh/uv/configuration/files/ for details on the interaction of project-, user-, and system-level configuration files.
With 0.5.0, uv introduced several potentially breaking changes. The developers write that these are “changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.”
Use base executable to set virtualenv Python path
Use XDG (i.e. ~/.local/bin) instead of the Cargo home directory in the installer
Discover and respect .python-version files in parent directories
Error when disallowed settings are defined in uv.toml
Implement PEP 440-compliant local version semantics
Treat the base Conda environment as a system environment
Do not allow pre-releases when the != operator is used
Prefer USERPROFILE over FOLDERID_Profile when selecting a home directory on Windows
Improve interactions between color environment variables and CLI options
Make allow-insecure-host a global option
Only write .python-version files during uv init for workspace members if the version differs
For detailed discussion of these changes, please see https://github.com/astral-sh/uv/releases/tag/0.5.0.
For other fixes, enhancements, and changes in this update, please consult the following:
https://github.com/astral-sh/uv/releases/tag/0.5.1
https://github.com/astral-sh/uv/releases/tag/0.5.2
https://github.com/astral-sh/uv/releases/tag/0.5.3
https://github.com/astral-sh/uv/releases/tag/0.5.4
https://github.com/astral-sh/uv/releases/tag/0.5.5