FEDORA-2024-55a5adeec4
Packages in this update:
firefox-130.0-5.fc41
Update description:
PipeWire camera support: backport set of upstream patches
New upstream update (130.0)
firefox-130.0-5.fc41
PipeWire camera support: backport set of upstream patches
New upstream update (130.0)
It was discovered that LibTIFF incorrectly handled memory. An attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service.
USN-6841-1 fixed a vulnerability in PHP. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that PHP could early return in the filter_var function
resulting in invalid user information being treated as valid user
information. An attacker could possibly use this issue to expose raw
user input information.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
mbedtls3.6-3.6.1-1.fc41
Update to 3.6.1
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-45107.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-7521, CVE-2024-7526,
CVE-2024-7527, CVE-2024-7529, CVE-2024-8382)
It was discovered that Thunderbird did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Irvan Kurniawan discovered that Thunderbird did not properly check an
attribute value in the editor component, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-7522)
Rob Wu discovered that Thunderbird did not properly check permissions when
creating a StreamFilter. An attacker could possibly use this issue to
modify response body of requests on any site using a web extension.
(CVE-2024-7525)
Nils Bars discovered that Thunderbird contained a type confusion
vulnerability when performing certain property name lookups. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-8381)
It was discovered that Thunderbird did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-8384)
python3.13-3.13.0~rc2-1.fc39
Python 3.13.0rc2
python3.13-3.13.0~rc2-1.fc40
Python 3.13.0rc2
python3.13-3.13.0~rc2-1.fc41
python3-docs-3.13.0~rc2-1.fc41
Python 3.13.0rc2
Security fix for CVE-2024-8088 and CVE-2024-6232