Oracle Linux Security Advisory ELSA-2026-20612

http://linux.oracle.com/errata/ELSA-2026-20612.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnutls-3.8.10-4.el9_8.i686.rpm
gnutls-3.8.10-4.el9_8.x86_64.rpm
gnutls-c++-3.8.10-4.el9_8.i686.rpm
gnutls-c++-3.8.10-4.el9_8.x86_64.rpm
gnutls-dane-3.8.10-4.el9_8.i686.rpm
gnutls-dane-3.8.10-4.el9_8.x86_64.rpm
gnutls-devel-3.8.10-4.el9_8.i686.rpm
gnutls-devel-3.8.10-4.el9_8.x86_64.rpm
gnutls-utils-3.8.10-4.el9_8.x86_64.rpm

aarch64:
gnutls-3.8.10-4.el9_8.aarch64.rpm
gnutls-c++-3.8.10-4.el9_8.aarch64.rpm
gnutls-dane-3.8.10-4.el9_8.aarch64.rpm
gnutls-devel-3.8.10-4.el9_8.aarch64.rpm
gnutls-utils-3.8.10-4.el9_8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gnutls-3.8.10-4.el9_8.src.rpm

Related CVEs:
CVE-2026-3832
CVE-2026-3833
CVE-2026-5260
CVE-2026-5419
CVE-2026-33845
CVE-2026-33846
CVE-2026-42009
CVE-2026-42010
CVE-2026-42011
CVE-2026-42012
CVE-2026-42013
CVE-2026-42014
CVE-2026-42015

Description of changes:

[3.8.10-4]
- Fix CVE-2026-33846 (DTLS fragment reassembly, High, heap overwrite)
- Fix CVE-2026-42009 (DTLS fragment reassembly, High, undefined behaviour)
- Fix CVE-2026-33845 (DTLS fragment reassembly, High, heap overread)
- Fix CVE-2026-42010 (PSK authentication, High, authentication bypass)
- Fix CVE-2026-3833 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42011 (Name constraints, Medium, name constraint bypass)
- Fix CVE-2026-42012 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42013 (CN fallback, Medium, certificate misuse)
- Fix CVE-2026-42014 (PKCS#11 PIN change, Medium, use-after-free)
- Fix CVE-2026-5260 (PKCS#11 RSA, Medium, heap overread)
- Fix CVE-2026-42015 (PKCS#12 appending, Low, heap overwrite)
- Fix CVE-2026-3832 (OCSP, Low, revocation bypass)
- Fix CVE-2026-5419 (PKCS#7, Low, timing side-channel)
- Fix upstream security issue #1808 (PSK rehandshake)
- Fix upstream security issue #1810 (EKU OID prefix match)
- Fix upstream security issue #1813 (pkcs11-provider persistent keys)
- Fix upstream security issue #1818 (RSA correctness, OpenSSL format import)
- Fix upstream security issue #1819 (PKCS#11 trust removal error path)
- Fix upstream security issue #1822 (SCT extension parser OOB read)
- Fix upstream security issue #1841 (key zeroization in hybrid kex)
- Fix upstream security issue #1823 (malformed certtool template)
- Fix upstream security issue #1817 (session parameter loading robustness)
- Fix upstream security issue #1820 (PKCS#11 KDF succeeding w/o deriving)
- gnutls-3.8.10-CVE-2025-9820.patch: update Makefile.in

_______________________________________________
El-errata mailing list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  dnsmasq (SSA:2026-155-01)

New dnsmasq packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.93-i586-1_slack15.0.txz:  Upgraded.
  Rework storage allocation for domain names. This fixes a security bug that
  can cause heap-overwrite with long domain names.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2291
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dnsmasq-2.93-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dnsmasq-2.93-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dnsmasq-2.93-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dnsmasq-2.93-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
6c4c2e00903ef7369dcce7d17469ba72  dnsmasq-2.93-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
a467649db9898cf052548832221ea939  dnsmasq-2.93-x86_64-1_slack15.0.txz

Slackware -current package:
2b95678be475195b96ffdf9b77eab789  n/dnsmasq-2.93-i686-1.txz

Slackware x86_64 -current package:
18adfd72ea72c5583f6df4f3a26e9d87  n/dnsmasq-2.93-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dnsmasq-2.93-i586-1_slack15.0.txz

If dnsmasq is running, restart it:
# sh /etc/rc.d/rc.dnsmasq restart

+-----+

LinuxSecurity.com Team

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  gnutls (SSA:2026-122-02)

New gnutls packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/gnutls-3.8.13-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Add more checks to DTLS reassembly. Previously, gnutls didn't check that
  DTLS fragments claimed a consistent message_length value. Additionally, a
  crucial array size check was missing, enabling an attacker to cause a heap
  overwrite. Reject fragments with mismatching length and add a missing
  boundary check. Independently reported by Haruto Kimura (Stella),
  Oscar Reparaz and Zou Dikai.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-33846
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/gnutls-3.8.13-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/gnutls-3.8.13-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.8.13-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.8.13-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
3a3bb3af6749fde3e3f2cdff9d4d808d  gnutls-3.8.13-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
bcb120c7aa4d40316cf12bfb1ea71602  gnutls-3.8.13-x86_64-1_slack15.0.txz

Slackware -current package:
738265af0134c0dc52948633a7c5582a  n/gnutls-3.8.13-i686-1.txz

Slackware x86_64 -current package:
2d8db9e17516c1fce34aa9eeaa539d88  n/gnutls-3.8.13-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnutls-3.8.13-i586-1_slack15.0.txz

+-----+

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:20349-1
Release Date: 2026-02-12T14:47:59Z
Rating: critical

References:

  * bsc#1256830
  * bsc#1256834
  * bsc#1256835
  * bsc#1256836
  * bsc#1256837
  * bsc#1256838
  * bsc#1256839
  * bsc#1256840

Cross-References:

  * CVE-2025-15467
  * CVE-2025-68160
  * CVE-2025-69418
  * CVE-2025-69419
  * CVE-2025-69420
  * CVE-2025-69421
  * CVE-2026-22795
  * CVE-2026-22796

CVSS scores:

  * CVE-2025-15467 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-15467 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-15467 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-68160 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-68160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-69418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-69418 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-69419 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-69419 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2025-69420 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-69420 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-69421 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-69421 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-22795 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-22795 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-22796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  * SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

  * CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
  * CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
  * CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
  * CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
  * CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
  * CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
  * CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
  * CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-572=1

## Package List:

  * SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
    * libopenssl3-debuginfo-3.1.4-11.1
    * openssl-3-debuginfo-3.1.4-11.1
    * openssl-3-3.1.4-11.1
    * libopenssl-3-devel-3.1.4-11.1
    * libopenssl-3-fips-provider-debuginfo-3.1.4-11.1
    * openssl-3-debugsource-3.1.4-11.1
    * libopenssl3-3.1.4-11.1
    * libopenssl-3-fips-provider-3.1.4-11.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-15467.html
  * https://www.suse.com/security/cve/CVE-2025-68160.html
  * https://www.suse.com/security/cve/CVE-2025-69418.html
  * https://www.suse.com/security/cve/CVE-2025-69419.html
  * https://www.suse.com/security/cve/CVE-2025-69420.html
  * https://www.suse.com/security/cve/CVE-2025-69421.html
  * https://www.suse.com/security/cve/CVE-2026-22795.html
  * https://www.suse.com/security/cve/CVE-2026-22796.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1256830
  * https://bugzilla.suse.com/show_bug.cgi?id=1256834
  * https://bugzilla.suse.com/show_bug.cgi?id=1256835
  * https://bugzilla.suse.com/show_bug.cgi?id=1256836
  * https://bugzilla.suse.com/show_bug.cgi?id=1256837
  * https://bugzilla.suse.com/show_bug.cgi?id=1256838
  * https://bugzilla.suse.com/show_bug.cgi?id=1256839
  * https://bugzilla.suse.com/show_bug.cgi?id=1256840

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0984b63b23
2023-12-25 03:36:41.790176
--------------------------------------------------------------------------------

Name        : mingw-gstreamer1-plugins-base
Product     : Fedora 38
Version     : 1.22.7
Release     : 1.fc38
URL         : https://gstreamer.freedesktop.org/
Summary     : Cross compiled GStreamer1 media framework base plug-ins
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

This package contains a set of well-maintained base plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Sandro Mani - 1.22.7-1
- Update to 1.22.7
* Thu Sep 21 2023 Sandro Mani - 1.22.6-1
- Update to 1.22.6
* Sat Jul 29 2023 Sandro Mani - 1.22.5-1
- Update to 1.22.5
* Thu Jul 20 2023 Fedora Release Engineering - 1.22.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul  4 2023 Sandro Mani - 1.22.4-1
- Update to 1.22.4
* Thu May 25 2023 Sandro Mani - 1.22.3-1
- Update to 1.22.3
* Sat Apr 15 2023 Sandro Mani - 1.22.2-1
- Update to 1.22.2
* Sun Mar 19 2023 Sandro Mani - 1.22.1-1
- Update to 1.22.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254680 - CVE-2023-37327 mingw-gstreamer1-plugins-good: gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254680
  [ 2 ] Bug #2254682 - CVE-2023-37328 mingw-gstreamer1-plugins-base: gstreamer-plugins-base: heap overwrite in subtitle parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254682
  [ 3 ] Bug #2254684 - CVE-2023-37329 mingw-gstreamer1-plugins-bad-free: gstreamer-plugins-bad: heap overwrite in PGS subtitle overlay decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254684
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0984b63b23' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
--

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0984b63b23
2023-12-25 03:36:41.790176
--------------------------------------------------------------------------------

Name        : mingw-gstreamer1-plugins-good
Product     : Fedora 38
Version     : 1.22.7
Release     : 1.fc38
URL         : https://gstreamer.freedesktop.org/
Summary     : Cross compiled GStreamer1 plug-ins good
Description :
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.

GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.

--------------------------------------------------------------------------------
Update Information:

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Sandro Mani - 1.22.7-1
- Update to 1.22.7
* Thu Sep 21 2023 Sandro Mani - 1.22.6-1
- Update to 1.22.6
* Sat Jul 29 2023 Sandro Mani - 1.22.5-1
- Update to 1.22.5
* Thu Jul 20 2023 Fedora Release Engineering - 1.22.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul  4 2023 Sandro Mani - 1.22.4-1
- Update to 1.22.4
* Thu May 25 2023 Sandro Mani - 1.22.3-1
- Update to 1.22.3
* Sat Apr 15 2023 Sandro Mani - 1.22.2-1
- Update to 1.22.2
* Sun Mar 19 2023 Sandro Mani - 1.22.1-1
- Update to 1.22.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254680 - CVE-2023-37327 mingw-gstreamer1-plugins-good: gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254680
  [ 2 ] Bug #2254682 - CVE-2023-37328 mingw-gstreamer1-plugins-base: gstreamer-plugins-base: heap overwrite in subtitle parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254682
  [ 3 ] Bug #2254684 - CVE-2023-37329 mingw-gstreamer1-plugins-bad-free: gstreamer-plugins-bad: heap overwrite in PGS subtitle overlay decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254684
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0984b63b23' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0984b63b23
2023-12-25 03:36:41.790176
--------------------------------------------------------------------------------

Name        : mingw-gstreamer1
Product     : Fedora 38
Version     : 1.22.7
Release     : 1.fc38
URL         : https://gstreamer.freedesktop.org/
Summary     : MinGW Windows Streaming-Media Framework Runtime
Description :
GStreamer is a streaming-media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plug-in-based architecture means that new data
types or processing capabilities can be added by installing new plug-ins.

--------------------------------------------------------------------------------
Update Information:

Update to 1.22.7, fixes CVE-2023-37327, CVE-2023-37328, CVE-2023-37329.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 15 2023 Sandro Mani - 1.22.7-1
- Update to 1.22.7
* Thu Sep 21 2023 Sandro Mani - 1.22.6-1
- Update to 1.22.6
* Sat Jul 29 2023 Sandro Mani - 1.22.5-1
- Update to 1.22.5
* Thu Jul 20 2023 Fedora Release Engineering - 1.22.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul  4 2023 Sandro Mani - 1.22.4-1
- Update to 1.22.4
* Thu May 25 2023 Sandro Mani - 1.22.3-1
- Update to 1.22.3
* Sat Apr 15 2023 Sandro Mani - 1.22.2-1
- Update to 1.22.2
* Sun Mar 19 2023 Sandro Mani - 1.22.1-1
- Update to 1.22.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254680 - CVE-2023-37327 mingw-gstreamer1-plugins-good: gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254680
  [ 2 ] Bug #2254682 - CVE-2023-37328 mingw-gstreamer1-plugins-base: gstreamer-plugins-base: heap overwrite in subtitle parsing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254682
  [ 3 ] Bug #2254684 - CVE-2023-37329 mingw-gstreamer1-plugins-bad-free: gstreamer-plugins-bad: heap overwrite in PGS subtitle overlay decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254684
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0984b63b23' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-845edc1181
2023-09-15 18:36:13.239410
--------------------------------------------------------------------------------

Name        : indent
Product     : Fedora 39
Version     : 2.2.13
Release     : 5.fc39
URL         :
Summary     : A GNU program for formatting C code
Description :
Indent is a GNU program for beautifying C code, so that it is easier to
read. Indent can also convert from one C writing style to a different
one. Indent understands correct C syntax and tries to handle incorrect C
syntax.

Install the indent package if you are developing applications in C and
you want a program to format your code.

--------------------------------------------------------------------------------
Update Information:

This release fixes a heap buffer overwrite in search_brace() (CVE-2023-40305)
and a heap overread in lexi().
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 16 2023 Petr Pisar - 2.2.13-5
- Fix a heap overread in search_brace/lexi
- Fix CVE-2023-40305 (a heap buffer overwrite in search_brace) (bug #2231919)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2231854 - CVE-2023-40305 indent: heap-based buffer overflow in search_brace() in indent.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2231854
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-845edc1181' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------