krb5-1.21.3-2.fc39
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.
USN-7084-1 fixed vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn’t strip HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.
yasm-1.3.0^20230922git9defefa-2.el9
Update to latest upstream commit, fixes CVE-2021-31975 and CVE-2021-33454. Internal testsuite was also enabled as part of the build.
thunderbird-128.4.0-1.fc41
Update to 128.4.0
https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
opendmarc-1.4.2-21.fc42
Automatic update for opendmarc-1.4.2-21.fc42.
* Wed Oct 30 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.4.2-21
– Fix for CVE-2024-25768 – Closes rhbz#2266175 rhbz#2266174
* Tue Oct 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.4.2-15
– Simplify spec
– Remove checks on if systemd is present
– Remove checks on old Fedora releases
– Remove checks on EL7 or older
– Use make macros
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.
firefox-132.0-2.fc41
New upstream update (132.0)
firefox-132.0-2.fc40
New upstream update (132.0)
Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution. InterMesh leverages mesh radio technology and hardened alarm monitoring panels to create a private, self-healing network that delivers alarm signals. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
