It was discovered that AIOHTTP did not properly restrict file access when
the ‘follow_symlinks’ option was set to True. A remote attacker could
possibly use this issue to access unauthorized files on the system.
thunderbird-128.2.0-1.fc41
Update to 128.2.0
https://www.thunderbird.net/en-US/thunderbird/128.2.0esr/releasenotes/
thunderbird-128.2.0-1.fc40
Update to 128.2.0
https://www.thunderbird.net/en-US/thunderbird/128.2.0esr/releasenotes/
thunderbird-115.15.0-1.fc39
Update to 115.15.0
https://www.thunderbird.net/en-US/thunderbird/115.15.0esr/releasenotes/
mingw-expat-2.6.3-1.fc41
Update to expat-2.6.3.
mingw-expat-2.6.3-1.fc40
Update to expat-2.6.3.
mingw-expat-2.6.3-1.fc39
Update to expat-2.6.3.
clamav-1.0.7-1.fc40
Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
clamav-1.0.7-1.el9
Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
clamav-1.0.7-1.fc41
Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
