FEDORA-2023-567baef490
Packages in this update:
mediawiki-1.38.6-1.fc37
Update description:
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/
mediawiki-1.38.6-1.fc37
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/
mediawiki-1.39.3-1.fc38
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/
ghostwriter-23.03.90-2.fc39
Automatic update for ghostwriter-23.03.90-2.fc39.
* Sat Apr 1 2023 Vitaly Zaitsev <vitaly@easycoding.org> – 23.03.90-2
– Switched to Ninja.
– Explicitly set Release configuration.
– Sorted all BuildRequires by name for better readability.
– Updated bundled libraries versions. Fixes rhbz#2128046.
* Fri Mar 31 2023 Marc Deop i Argemí <marcdeop@fedoraproject.org> – 23.03.90-1
– 23.03.90
kernel-6.2.9-100.fc36
The 6.2.9 stable kernel update contains a number of important fixes across the tree.
kernel-6.2.9-200.fc37
The 6.2.9 stable kernel update contains a number of important fixes across the tree.
kernel-6.2.9-300.fc38
The 6.2.9 stable kernel update contains a number of important fixes across the tree.
USN-5855-2 fixed vulnerabilities in ImageMagick. Unfortunately an additional
mitigation caused a regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain PNG images.
If a user or automated system were tricked into opening a specially crafted
PNG file, an attacker could use this issue to cause ImageMagick to stop
responding, resulting in a denial of service, or possibly obtain the
contents of arbitrary files by including them into images.
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)
It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)
José Oliveira and Rodrigo Branco discovered that the prctl syscall
implementation in the Linux kernel did not properly protect against
indirect branch prediction attacks in some situations. A local attacker
could possibly use this to expose sensitive information. (CVE-2023-0045)
It was discovered that a use-after-free vulnerability existed in the
Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could
use this to cause a denial of service (system crash). (CVE-2023-0266)
Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)
Kyle Zeng discovered that the ATM VC queuing discipline implementation in
the Linux kernel contained a type confusion vulnerability in some
situations. An attacker could use this to cause a denial of service (system
crash). (CVE-2023-23455)
It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)
Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)
seamonkey-2.53.16-1.el7
Update to 2.53.16
Langpacks are now provided in the modern form of web extensions. This may take a bit longer at startup if all languages are enabled at the same time. To avoid this, just disable unneeded languages by Add-ons Manager. (Note, langpacks are related to the language of the application menus etc., and are not related to the Web content at all).