Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More

FEDORA-2024-9a87127dd0

Packages in this update:

mbedtls3.6-3.6.1-1.fc41

Update description:

Update to 3.6.1

Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-45107.

Read More

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-7521, CVE-2024-7526,
CVE-2024-7527, CVE-2024-7529, CVE-2024-8382)

It was discovered that Thunderbird did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)

Irvan Kurniawan discovered that Thunderbird did not properly check an
attribute value in the editor component, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-7522)

Rob Wu discovered that Thunderbird did not properly check permissions when
creating a StreamFilter. An attacker could possibly use this issue to
modify response body of requests on any site using a web extension.
(CVE-2024-7525)

Nils Bars discovered that Thunderbird contained a type confusion
vulnerability when performing certain property name lookups. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-8381)

It was discovered that Thunderbird did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-8384)

Read More

FEDORA-2024-f2fc325c40

Packages in this update:

python3.13-3.13.0~rc2-1.fc39

Update description:

Python 3.13.0rc2

Read More

FEDORA-2024-e887a10dee

Packages in this update:

python3.13-3.13.0~rc2-1.fc40

Update description:

Python 3.13.0rc2

Read More

FEDORA-2024-ebf3fe7bc9

Packages in this update:

python3.13-3.13.0~rc2-1.fc41
python3-docs-3.13.0~rc2-1.fc41

Update description:

Python 3.13.0rc2

Security fix for CVE-2024-8088 and CVE-2024-6232

Read More

FEDORA-2024-5cd6011cf7

Packages in this update:

openssl-3.1.4-4.fc39

Update description:

Patch for CVE-2024-6119

Read More

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5767-1

Read More

FEDORA-2024-9c7bbee0f0

Packages in this update:

libcoap-4.3.5-6.fc41

Update description:

Update to 4.3.5 GA

Read More