Fix of CVE: CVE-2020-25275, CVE-2020-12100
CVE-2020-12100: Resource exhaustion via deeply nested MIME parts - CVE-2020-25275: Denial of service via mail MIME parsing...
Update of kernel-debug-devel, kernel-devel, python-perf, kernel-debug, perf, kernel, kernel-debug-devel, kernel-headers
...
squid34: Fix of CVE-2023-46724
CVE-2023-46724: Fix validation of certificates with CN=...
java-1.8.0-openjdk: Fix of 7 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07. This fixes the following CVEs: - CVE-2023-21930: Improper connection handling during TLS handshake 8294474 - CVE-2023-21937: Missing string checks for NULL characters 8296622 - CVE-2023-21938: Incorrect handling of NULL characters in...
vim: Fix of CVE-2023-0049
CVE-2023-0049: fix out-of-bounds read...
Fixed CVEs in vim: CVE-2022-3296, CVE-2022-3324
CVE-2022-3296: check CSF_TRY can be found - CVE-2022-3324: make sure the window width does not become negative...
Fixed CVE-2022-41318 in squid34
CVE-2022-41318: Fix buffer-over-read in SSPI and SMB authentication...
Update of python-perf, kernel-firmware, perf, kernel-debug-devel, kernel-devel, kernel-debug-devel, kernel-headers, kernel-firmware, kernel, kernel-debug
...
Fix of CVE: CVE-2020-11868
CVE-2020-11868: incorrect handling of packets from unauthenticated synchronization source with spoofed IP address leads to denial of service...
Update of bind-sdb, bind-libs, bind-devel, bind, bind-utils, bind-chroot
...
java-1.8.0-openjdk: Fix of 8 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. This fixes the following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...
kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: sch_hfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: cls_fw:...
kernel: Fix of 10 CVEs
openvswitch: fix OOB access in reserve_sfa_size CVE-2022-2639 - xen/blkfront: fix leaking data in shared pages CVE-2022-26365 - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt CVE-2020-36386 - btrfs: only search for left_info if there is no right_info in try_merge_free_space...
Fix of CVE: CVE-2019-18276
CVE-2019-18276: Fix privilege dropping when running with effective UID not equal to real UID...
Fix of CVE: CVE-2021-3928, CVE-2021-3927
CVE-2021-3927: fix heap-based buffer overflow when reading character past end of line - CVE-2021-3928: fix stack-based buffer overflow when reading uninitialized memory when giving spell suggestions...
Fix of CVE: CVE-2020-29599
Add fix for CVE-2020-29599...
unixODBC: Fix of CVE-2024-1013
CVE-2024-1013: Fix out-of-bounds stack write issue by adjusting callee write size from 8 to 4 bytes...
Update of tzdata
Upgrade to tzdata-2023c code and data are identical to 2023a - Egypt now uses DST again, from April through October. - This year Morocco springs forward April 23, not April 30. - Palestine delays the start of DST this year. - Much of Greenland still uses DST from 2024 on. - America/Yellowknife...
kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: sch_hfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: cls_fw:...
squid34: Fix of 2 CVEs
CVE-2023-49285: Fix date parsing in RFC 1123 to prevent Buffer OverRead - CVE-2023-49286: Fix DoS attack against Helper process management...
libssh2: Fix of CVE-2020-22218
CVE-2020-22218: doing total_num zero length check...
amanda: Fix of 2 CVEs
CVE-2022-37705: fix tar option filtering - CVE-2023-30577: introduce tar option allow list...
Update of java-1.8.0-openjdk-devel-debug, java-1.8.0-openjdk-src, java-1.8.0-openjdk-headless, java-1.8.0-openjdk, java-1.8.0-openjdk-headless-debug, java-1.8.0-openjdk-demo, java-1.8.0-openjdk-javadoc-debug, java-1.8.0-openjdk-src-debug, java-1.8.0-openjdk-devel, java-1.8.0-openjdk-debug, java-1.8.0-openjdk-demo-debug, java-1.8.0-openjdk-javadoc
...
libksba: Fix of 2 CVEs
CVE-2022-3515: detect a possible overflow directly in the TLV parser - CVE-2022-47629: fix an integer overflow in the CRL signature parser...
binutils: Fix of 3 CVEs
CVE-2022-47673: Fix multiple out-of-bounds reads which may cause a DoS - CVE-2022-47695: Fix NULL pointer segmentation fault which may cause a DoS - CVE-2022-47696: Fix read of uninitialized field which may cause a DoS...
sysstat: Fix of 2 CVEs
CVE-2022-39377: fix possible buffer overflow - CVE-2023-33204: fix possible buffer overflow in an incomplete fix for CVE-2022-39377...
vim: Fix of CVE-2022-3591
CVE-2022-3591: disallow navigating to a dummy buffer...
squid: Fix of 2 CVEs
CVE-2023-49285: Fix date parsing in RFC 1123 to prevent Buffer OverRead - CVE-2023-49286: Fix DoS attack against Helper process management...
exim: Fix of CVE-2022-3559
CVE-2022-3559: Fix $regex use-after-free...
vim: Fix of 2 CVEs
CVE-2022-4141: check for text locked in CTRL-W gf - CVE-2022-3520: check that the column does not become negative...
Update of nginx-all-modules, nginx-filesystem, nginx-mod-stream, nginx-mod-http-perl, nginx-mod-http-xslt-filter, nginx-mod-http-geoip, nginx-mod-mail, nginx, nginx-mod-http-image-filter
...
Fix of CVE: CVE-2021-26937
fix CVE-2021-26937...
glibc: Fix of 2 CVEs
CVE-2018-11236: fix stack buffer overflow when realpath input length is close to SSIZE_MAX. - CVE-2024-2961: fix out-of-bound writes in ISO-2022-CN-EXT escape sequences...
Update of tzdata
Upgrade to tzdata-2024a - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - localtime no longer mishandles Ciudad Juárez in 2422. - zic no longer pretends to support indefinite-past DST. - Ittoqqortoormiit, Greenland changes time zones on...
squid: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol - Enable test-suite...
squid34: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol...
vim: Fix of CVE-2023-2610
CVE-2023-2610: limit the text length to MAXCOL...
git: Fix of 2 CVEs
CVE-2023-25652: removing a link instead of writing into - CVE-2023-29007: restrict the config file line length to parse it whole - tests were activated - a buffer overflow during reading of configuration's enormous value has been fixed...
Fix of CVE: CVE-2017-6363, CVE-2021-40145
CVE-2021-40145: check for memory allocation errors processing GD2 images - CVE-2017-6363: make sure transparent index is within bounds of the palette...
Update of squid34
...
kernel: Fix of 8 CVEs
blktrace: fix dereference after null check CVE-2019-19768 - blktrace: Protect q->blk_trace with RCU CVE-2019-19768 - blktrace: fix unlocked access to init/start-stop/teardown - blktrace: Fix potential deadlock between delete & sysfs ops - net: fix out-of-bounds access in ops_init CVE-2024-36883 -...
vim: Fix of CVE-2023-4733
CVE-2023-4733: verify oldwin pointer after reset_VIsual...
Fixed CVE-2021-33582 in cyrus-imapd
CVE-2021-33582: Fix a bad string hashing algorithm which could lead to collisions and cause a CPU denial of service...
Fix of CVE: CVE-2021-3487
CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section...
squid34: Fix of CVE-2023-46847
CVE-2023-46847: Fix stack buffer overflow when parsing Digest Authorization...
Update of php 5.3: Remove mariadb102 patch to eliminate faulty functionality
Remove mariadb102 patch to eliminate faulty functionality...
kernel: Fix of 13 CVEs
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format CVE-2024-53104 - btrfs: fix information leak in btrfs_ioctl_logical_to_ino CVE-2024-35849 - net: af_can: do not leave a dangling sk pointer in can_create CVE-2024-56603 - netfilter: x_tables: fix LED ID check in led_tg_check...
perl: Fix of CVE-2020-16156
CVE-2020-16156: recognize CANNOT_VERIFY signature verification type...
Update of openssl-static, openssl-perl, openssl-devel, openssl, openssl-devel, openssl
Always check certificates from local root store first...
expat: Fix of 2 CVEs
CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...