Category Archives: Advisories

python-nikola-8.3.0-1.fc38

FEDORA-2024-1eb20f8ec3

Packages in this update:

python-nikola-8.3.0-1.fc38

Update description:

Update to the latest stable version:

Features

Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due to Python 3.12 carelessly removing parts of the standard library (Issue #3719)
Support for Discourse as comment system (Issue #3689)

Bugfixes

Fix loading of templates from plugins with __init__.py files (Issue #3725)
Fix margins of paragraphs at the end of sections (Issue #3704)
Ignore .DS_Store files in listing indexes (Issue #3698)
Fix baguetteBox.js invoking in the base theme (Issue #3687)
Fix development (preview) server nikola auto for non-root SITE_URL, in particular when URL_TYPE is full_path. (Issue #3715)

python-nikola-8.3.0-1.fc39

FEDORA-2024-262ad83644

Packages in this update:

python-nikola-8.3.0-1.fc39

Update description:

Update to the latest stable version:

Features

Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due to Python 3.12 carelessly removing parts of the standard library (Issue #3719)
Support for Discourse as comment system (Issue #3689)

Bugfixes

Fix loading of templates from plugins with __init__.py files (Issue #3725)
Fix margins of paragraphs at the end of sections (Issue #3704)
Ignore .DS_Store files in listing indexes (Issue #3698)
Fix baguetteBox.js invoking in the base theme (Issue #3687)
Fix development (preview) server nikola auto for non-root SITE_URL, in particular when URL_TYPE is full_path. (Issue #3715)

chromium-121.0.6167.139-1.el9

FEDORA-EPEL-2024-2dd0ef9006

Packages in this update:

chromium-121.0.6167.139-1.el9

Update description:

update to 121.0.6167.139

High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network

update to 121.0.6167.85

High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill

chromium-121.0.6167.139-2.el8

FEDORA-EPEL-2024-44e34a2f20

Packages in this update:

chromium-121.0.6167.139-2.el8

Update description:

update to 121.0.6167.139

High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network

update to 121.0.6167.85

High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill

Atlassian Confluence Remote Code Execution (CVE-2023-22527)

What is the Vulnerability?

On Jan 16 2024, Atlassian released an advisory for a template injection vulnerability in Confluence Data Center and Server that can allow an unauthenticated attacker to remotely execute malicious code on affected versions. This vulnerability is rated with a severity level of 10.0 (Critical).

What is the Vendor Solution?

Atlassian strongly recommends applying the latest version available, as listed in its advisory.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “Atlassian.Confluence.CVE-2023-22527.Remote.Code.Execution” in place for CVE-2023-22527. FortiGuard is seeing active exploitation attempts against this vulnerability.
