Fedora Linux Distribution
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes
The 4.18.7 update contains a number of important fixes across the tree
- fix two security issues in shebang line parsing (CVE-2018-0502 CVE-2018-13259)
- New upstream Firefox version (62.0) - More info at https://www.mozilla.org/en-US/firefox/62.0/releasenotes/ ---- This update fixes problems with file opening associations.
Update zziplib to fix all known CVEs in Fedora 27
4.1.4 GA Security Fix for CVE-2018-10904 Security Fix for CVE-2018-10907 Security Fix for CVE-2018-10911 Security Fix for CVE-2018-10913 Security Fix for CVE-2018-10914 Security Fix for CVE-2018-10923 Security Fix for CVE-2018-10926 Security Fix for CVE-2018-10927 Security Fix for CVE-2018-10928 Security Fix for CVE-2018-10929 Security Fix for CVE-2018-10930 ---- missing
- fix two security issues in shebang line parsing (CVE-2018-0502 CVE-2018-13259)
**MySQL 5.7.23** Release notes https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html CVEs fixed CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081
**Security update: Godot 3.0.6** This update brings the latest upstream release of Godot Engine, with several bug fixes and improvements applied on top of Godot 3.0.4. This release is compatible with previous Godot 3.0.x versions and should load existing projects without issue. Version 3.0.6 also fixes the following security vulnerabilities: Fabio Alessandrelli found and fixed several security
This is a security release fixing out-of-bounds reads when processing smart- protocol "ng" packets. When parsing an "ng" packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current pointer's position to strchr, which will search for a certain character until hitting NUL.
rebase to 8.37.0 ---------------------- - few fixes and enhancements handling journal input - now requires librelp at least 1.2.16, adding support for setting address to bind - various other rsyslog core bugfixes and stability fixes