Fedora Linux Distribution - Page 441
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Fix CVE-2016-10152 (hardcoded DNS fallback) Fix CVE-2016-10151 (weak SUID check) Move package to autosetup Resolves: #1332509 Resolves: #1332494
Updated to release 5.7.1 Security fix for: - CVE-2018-16151 - CVE-2018-16152
**nag 4.2.19** * [mjr] SECURITY: Fix multiple XSS vulnerabilities when displaying and filtering task lists.
- Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
- Update to the latest upstream (Firefox 63) - Updated PipeWire support
Fix CVE-2016-10152 (hardcoded DNS fallback) Fix CVE-2016-10151 (weak SUID check) Move package to autosetup Resolves: #1332509 Resolves: #1332494
Fix CVE-2016-10152 (hardcoded DNS fallback) Fix CVE-2016-10151 (weak SUID check) Move package to autosetup Resolves: #1332509 Resolves: #1332494
Release 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate log level to warning for situation when socket limit is hit. * Remove requirement to use `user root` in snap package config files. * Fix retained
Release 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate log level to warning for situation when socket limit is hit. * Remove requirement to use `user root` in snap package config files. * Fix retained
Upstream security update resolving an issue with `git clone --recurse- submodules`. From the [upstream release announcement](https://public-inbox.org/git/This email address is being protected from spambots. You need JavaScript enabled to view it./): > These releases fix a security flaw (CVE-2018-17456), which allowed an > attacker to execute arbitrary code by crafting a malicious .gitmodules > file in a project cloned