Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, cross-site scripting, spoofing or information disclosure.
Category Archives: Advisories
thunderbird-115.16.1-1.fc39
FEDORA-2024-ad738c922d
Packages in this update:
thunderbird-115.16.1-1.fc39
Update description:
Update to 115.16.1
https://www.thunderbird.net/en-US/thunderbird/115.16.1esr/releasenotes/
krb5-1.21.3-3.fc41
FEDORA-2024-c0961d31b8
Packages in this update:
krb5-1.21.3-3.fc41
Update description:
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
krb5-1.21.3-2.fc40
FEDORA-2024-29a74ac2b0
Packages in this update:
krb5-1.21.3-2.fc40
Update description:
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
krb5-1.21.3-2.fc39
FEDORA-2024-862f5c4156
Packages in this update:
krb5-1.21.3-2.fc39
Update description:
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
USN-7085-2: X.Org X Server vulnerability
USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.
USN-7084-2: pip vulnerability
USN-7084-1 fixed a vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn’t strip the HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.
yasm-1.3.0^20230922git9defefa-2.el9
FEDORA-EPEL-2024-c20a11cabc
Packages in this update:
yasm-1.3.0^20230922git9defefa-2.el9
Update description:
Update to latest upstream commit, fixes CVE-2021-31975 and CVE-2021-33454. Internal testsuite was also enabled as part of the build.
thunderbird-128.4.0-1.fc41
FEDORA-2024-2b2993a69d
Packages in this update:
thunderbird-128.4.0-1.fc41
Update description:
Update to 128.4.0
https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
opendmarc-1.4.2-21.fc42
FEDORA-2024-dede8e91b1
Packages in this update:
opendmarc-1.4.2-21.fc42
Update description:
Automatic update for opendmarc-1.4.2-21.fc42.
Changelog
* Wed Oct 30 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.4.2-21
- Fix for CVE-2024-25768 - Closes rhbz#2266175 rhbz#2266174
* Tue Oct 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.4.2-15
- Simplify spec
- Remove checks on if systemd is present
- Remove checks on old Fedora releases
- Remove checks on EL7 or older
- Use make macros