Category Archives: Advisories

wordpress-6.4.3-1.fc39

FEDORA-2024-2b30739a76

Packages in this update:

wordpress-6.4.3-1.fc39

Update description:

WordPress 6.4.3 – Maintenance and Security release

See upstream announcement

Security updates included in this release

m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.

wordpress-6.4.3-1.el9

FEDORA-EPEL-2024-7190fecd91

Packages in this update:

wordpress-6.4.3-1.el9

Update description:

WordPress 6.4.3 – Maintenance and Security release

See upstream announcement

Security updates included in this release

m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.

chromium-121.0.6167.139-1.fc38

FEDORA-2024-ca36dcc1d3

Packages in this update:

chromium-121.0.6167.139-1.fc38

Update description:

update to 121.0.6167.139

High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network

chromium-121.0.6167.139-1.fc39

FEDORA-2024-87e0baecb6

Packages in this update:

chromium-121.0.6167.139-1.fc39

Update description:

update to 121.0.6167.139

High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network

Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution.

Ivanti Connect Secure is an SSL VPN solution for remote and mobile users.
Ivanti Policy Secure (IPS) is a network access control (NAC) solution which provides network access only to authorized and secured users and devices.
Ivanti Neurons for Zero Trust Access (nZTA) creates a secure connection from a device to web-based applications on-premises and in the cloud.

Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the logged-on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

USN-6591-2: Postfix update

USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of
regression has been made available since the last update. This update
updates the fix and aligns with the latest configuration guidelines
regarding this vulnerability.

We apologize for the inconvenience.

Original advisory details:

Timo Longin discovered that Postfix incorrectly handled certain email line
endings. A remote attacker could possibly use this issue to bypass an email
authentication mechanism, allowing domain spoofing and potential spamming.

Please note that certain configuration changes are required to address
this issue. They are not enabled by default for backward compatibility.
Information can be found at https://www.postfix.org/smtp-smuggling.html.
