Fedora Linux Distribution - Page 452
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Update to 6.6. ---- Version 6.5 - address CVE-2018-10773, CVE-2018-10774, CVE-2018-10775 - fix injection of Fedora LDFLAGS
Update zziplib to 0.13.69 version, fixes all known CVEs for the package.
Security critical patch update for OpenJDK (July CPU). See https://www.oracle.com/security-alerts/cpujul2018.html
Security critical patch update for OpenJDK (July CPU). See https://www.oracle.com/security-alerts/cpujul2018.html
# New upstream release 2.3 Fixes possible tag truncation security bug in AEAD API, see RHBZ#1602752 ## 2.3 - 2018-07-18 * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the min_tag_length provided to the GCM constructor. * Added support for Python 3.7. * Added extract_timestamp()
New version 2.6.2. Security fix for CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370.
Security critical patch update for OpenJDK (July CPU). See https://www.oracle.com/security-alerts/cpujul2018.html
Fix for CVE-2018-13785: the libpng10 library was vulnerable to an integer overflow and resultant divide-by-zero in the pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to cause a denial of service via a crafted PNG file.
Fix for CVE-2018-13785: the libpng10 library was vulnerable to an integer overflow and resultant divide-by-zero in the pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to cause a denial of service via a crafted PNG file.
Security critical patch update for OpenJDK (July CPU). See http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixJAVA
**PHP version 7.2.8** (19 Jul 2018) **Core:** * Fixed bug php#76534 (PHP hangs on 'illegal string offset on string references with an error handler). (Laruence) * Fixed bug php#76520 (Object creation leaks memory when executed over HTTP). (Nikita) * Fixed bug php#76502 (Chain of mixed exceptions and errors does not serialize properly). (Nikita) **Date:** * Fixed bug php#76462
Fixes **CVE-2017-11332**, **CVE-2017-11358**, and **CVE-2017-11359**. ---- **Prevents division by zero in `src/ao.c`** This bug is hard to reproduce, depending on the HW configuration or installed OS parts. For me, it can be reproduced only in `mock`. In this update, error message should be displayed instead of SIGFPE.
**PHP version 7.1.20** (19 Jul 2018) **Core:** * Fixed bug php#76534 (PHP hangs on 'illegal string offset on string references with an error handler). (Laruence) * Fixed bug php#76502 (Chain of mixed exceptions and errors does not serialize properly). (Nikita) **Date:** * Fixed bug php#76462 (Undefined property: DateInterval::$f). (Anatol) **exif:** * Fixed bug php#76423 (Int
Update to 1.2.6 to fix a local authenticated privilege escalation bug (CVE-2018-10900). The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc
This update includes the latest upstream release, **httpd 2.4.34**, with multiple bug fixes and enhancements. See for more information on the changes in this version. A security vulnerability is addressed in this update: * `mod_md`: DoS via Coredumps on specially crafted requests (CVE-2018-8011)
New version of dcraw is available 9.28.0 Security fix for CVE-2018-5801
Update to 1.2.6 to fix a local authenticated privilege escalation bug (CVE-2018-10900). The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc