Fedora Essential and Critical Security Patch Updates - Page 54
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Security fixes for CVE-2024-27351 Potential regular expression DOS in django.utils.text.Truncator.words() CVE-2024-24680 denial-of-service in intcomma template filter CVE-2023-43665 Denial-of-service possibility in django.utils.text.Truncator
fix CONTINUATION frames DoS (CVE-2024-28182)
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.
Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release. Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
fix CONTINUATION frames DoS (CVE-2024-28182)
This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES_2.4.59 for complete details of the changes in this release.
New upstream release (125.0) New upstream release (124.0.2)
update to 123.0.6312.122 * High CVE-2024-3157: Out of bounds write in Compositing * High CVE-2024-3516: Heap buffer overflow in ANGLE * High CVE-2024-3515: Use after free in Dawn update to 123.0.6312.105
Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @RafaelGSS This is a security release. Notable Changes CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Update to 0.29 - Fixes 'clipbrowse command execution with multi-line clipboard text including "| sh"'
Security fix for CVE-2024-24576 (Windows command injection)
PHP version 8.3.6 (11 Apr 2024) Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud) Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791; Security fix for CVE-2024-25713
New version 4.2.4. Includes a fix for CVE-2024-2955
Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)
This update includes several bug fixes from the upstream glibc release branch, including the fix for a buffer overflow in iconv when converting to the ISO-2022-CN-EXT character set (CVE-2024-2961, RHBZ#2275855).
Rebase gnutls to version 3.8.5 Rebase gnutls to version 3.8.4 - contains fixes for CVE-2024-28834 and CVE-2024-28835 Automatic update for gnutls-3.8.3-3.fc40.