Fedora Essential and Critical Security Patch Updates - Page 63
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
upstream security release 122.0.6261.111 High CVE-2024-2173: Out of bounds memory access in V8 High CVE-2024-2174: Inappropriate implementation in V8 High CVE-2024-2176: Use after free in FedCM
Security fix for CVE-2007-4559. Fix tests for XMLPullParser with Expat 2.6.0
Update to 3.3.0 Remove network-scripts subpackage starting from Fedora 40 Backport a simple fix to avoid "SSL db: implementation" test to fail It also indirectly fix CVE-2023-3966 and CVE-2023-5366
iwd 2.16: Fix issue with uninitialized variable and DPP encrypt. Fix issue with Access Point mode and ATTR_MAC validation. Fix issue with Access Point mode and frequency attributes. Fix issue with P2P and handling client info description.
New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
Update to 115.8.1 https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ read that if you have mails with encrypted email subjects https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
2267205 - TRIAGE CVE-2024-24246 qpdf - Heap Buffer Overflow vulnerability in qpdf [fedora-all] 2265854 - qpdf-11.9.0 is available
Update to version 1.4.0. This version addresses CVE-2024-1580 (see RHBZ#2264939).
iwd 2.15: Fix issue with notice events for connection timeouts. Fix issue with reason code and deauthenticate event. Fix issue with handling basename() functionality. libell 0.63:
iwd 2.15: Fix issue with notice events for connection timeouts. Fix issue with reason code and deauthenticate event. Fix issue with handling basename() functionality. libell 0.63:
Security fix for CVE-2024-2182 ovn: insufficient validation of BFD packets may lead to denial of service [fedora-all]
Update to 123.0.6312.58 * High CVE-2024-2625: Object lifecycle issue in V8 * Medium CVE-2024-2626: Out of bounds read in Swiftshader * Medium CVE-2024-2627: Use after free in Canvas * Medium CVE-2024-2628: Inappropriate implementation in Downloads
Upgrade to 2.44.0: Make the DOM accessibility tree reachable from UI process with GTK4. Removed the X11 and WPE renderers in favor of DMA-BUF. Improved vblank synchronization when rendering. Removed key event reinjection in GTK4 to make keyboard shortcuts work in web
Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180