FEDORA-FLATPAK-2024-0572e6f545
Packages in this update:
flatpak-kde6-runtime-f39-18
flatpak-kde6-sdk-f39-13
Update description:
Refresh including latest Fedora 39 security and bug-fix errata.
flatpak-kde5-runtime-f39-25
flatpak-kde5-sdk-f39-12
Refresh including latest Fedora 39 security and bug-fix errata.
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service. (CVE-2023-52356)
It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-6228)
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to consume
resources, resulting in a denial of service. (CVE-2023-6277)
flatpak-runtime-f39-22
flatpak-sdk-f39-13
Updated flatpak runtime and SDK, including latest Fedora 39 security and bug-fix errata.
In addition, this update includes an updated nss 3.98.0, which is needed for the upcoming firefox 123.0 update.
Emre Durmaz discovered that the NPM IP package incorrectly distinguished
between private and public IP addresses. A remote attacker could
possibly use this issue to perform Server-Side Request Forgery (SSRF)
attacks.
Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered
that Bind incorrectly handled parsing large DNS messages. A remote attacker
could possibly use this issue to cause Bind to consume resources, leading
to a denial of service. (CVE-2023-4408)
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Bind incorrectly handled validating DNSSEC messages. A remote attacker
could possibly use this issue to cause Bind to consume resources, leading
to a denial of service. (CVE-2023-50387)
It was discovered that Bind incorrectly handled preparing an NSEC3 closest
encloser proof. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2023-50868)
It was discovered that Bind incorrectly handled reverse zone queries when
nxdomain-redirect is enabled. A remote attacker could possibly use this
issue to cause Bind to crash, leading to a denial of service.
(CVE-2023-5517)
It was discovered that Bind incorrectly handled certain specific recursive
query patterns. A remote attacker could possibly use this issue to cause
Bind to consume memory, leading to a denial of service. (CVE-2023-6516)
Bind has been updated to 9.6.48. In addition to security fixes, the updated
packages contain bug fixes, new features, and possibly incompatible
changes.
Please see the following for more information:
https://downloads.isc.org/isc/bind9/9.16.48/doc/arm/html/notes.html
yarnpkg-1.22.21-2.fc39
Update to 1.22.21, add fixes for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234.
yarnpkg-1.22.21-2.fc38
Update to 1.22.21, add fixes for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234.
Harry Sintonen discovered that curl incorrectly handled mixed case cookie
domains. A remote attacker could possibly use this issue to set cookies
that get sent to different and unrelated sites and domains.
libxls-1.6.2-14.fc39
Security fix for CVE-2023-38852