BLFS-12.1 was released on 2024-03-01
This page is in alphabetical order of packages, and if a package has multiple advisories the newer come first.
The links at the end of each item point to more details which have links to the released books.
In general, the severity is taken from upstream, if supplied, or from NVD (https://nvd.nist.gov/vuln/detail/) if an analysis is available there, but individual severity ratings at NVD can change over time. If no other information is available, 'High' will normally be assumed.
In httpd-2.4.61, eight security vulnerabilities were fixed. 12.1-067
In httpd-2.4.59, three security vulnerabilities were fixed that could allow for denial-of-service and HTTP Response Splitting. One of these vulnerabilities is the "HTTP/2 CONTINUATION attack", and allows for remotely exploitable memory exhaustion. Update to httpd-2.4.59 immediately to protect yourself against the "HTTP/2 CONTINUATION" attack. 12.1-023
In BIND-9.18.28, four security vulnerabilities were fixed that could allow for an attacker to remotely crash the DNS server. Note that this only impacts the server, and not the utilities. One of these vulnerabilities is in the SIG0 support, which was removed entirely in this release. All users who run a publicly accessible DNS server are advised to upgrade to this release as soon as possible. Update to BIND-9.18.28. 12.1-080
In c-ares-1.27.0, a security vulnerability was fixed that could allow for a crash when reading a malformed /etc/resolv.conf, /etc/nsswitch.conf, or HOSTALIASES files. Update to c-ares-1.27.0. 12.1-002
In cryptsetup-2.7.3, a security vulnerability was fixed that could result in a drive being partially decrypted, or cause its data to be destroyed. Update to cryptsetup-2.7.3. 12.1-065
In CUPS-2.4.9, a security vulnerability was fixed that could allow for privilege escalation and allows for world-writable files in special configurations. If a Listen option in the configuration files points to a symbolic link, CUPS will perform an arbitrary chmod to 0140777 of that location. Update to CUPS-2.4.9 if you use this configuration. 12.1-062
In cURL-8.9.1, a security vulnerability was fixed that could allow for a crash or potentially leaking the contents of heap memory to the application when CURLINFO_CERTINFO is used. Update to cURL-8.9.1. 12.1-084
In cURL-8.9.0, a security vulnerability was fixed that could allow for a crash that occurs when a server provides a specially crafted TLS certificate. This occurs in the utf8asn1str() function in the ASN.1 parser. Note that in some circumstances where the malloc implementation does not detect this error, this could potentially allow for remote code execution. Update to cURL-8.9.0. 12.1-081
In cURL-8.7.1, a security vulnerability was fixed that could allow for a crash due to leaked memory after an aborted HTTP/2 server push. Update to cURL-8.7.1. 12.1-015
In Dovecot-2.3.19.1, two security vulnerabilities were fixed that could allow for resource exhaustion when processing large email headers. One of these issues happens when processing very large email headers, while the other issue occurs when there are a large number of Address headers in particular. Update to Dovecot-2.3.19.1. 12.1-093
In Emacs-29.4, a security vulnerability was fixed that could allow for arbitrary shell commands to be run while in Org mode (the built-in email client). There is a public proof of concept available, and this vulnerability is trivial to exploit. If you are using the Org mode in Emacs, you need to update Emacs immediately. Update to Emacs-29.4. 12.1-071
In Emacs-29.3, four security vulnerabilities were fixed that could allow for arbitrary Lisp code execution, arbitrary code execution via displaying a LaTeX preview for email attachments, and for untrusted content to be displayed in Org mode and when processing emails. If you use Emacs for displaying email or use the Org functionality for document editing, formatting, or organizing, you should update to Emacs-29.3 immediately. 12.1-014
In Exiv2-0.28.3, a security vulnerability was fixed that could allow for a denial of service (out-of-bounds read) when parsing the metadata of a crafted ASF video file. Update to Exiv2-0.28.3. 12.1-078
In Firefox-128.1.0esr (or 115.14.0), twelve security vulnerabilities were fixed that could allow for fullscreen notification dialogs to be obscured, remote code execution, information disclosure, sandbox escapes, remotely exploitable crashes, cross-site scripting, content security policy bypasses, permission bypasses, security prompt obscuring, and for accidental decryption of data (on Sandy Bridge processors). Update to Firefox-128.1.0esr (or 115.14.0). 12.1-086
In Firefox-128.0esr (and 115.13.0esr), several security vulnerabilities were fixed that could allow for remote code execution, user confusion allowing for unauthorized permissions to be granted, moving the cursor outside of the Firefox window, crashes, blocking exit from fullscreen mode, Content Security Policy bypasses, and for cookies to be sent inadvertently. Update to Firefox-128.0esr (or 115.13.0esr). 12.1-074
In Firefox-115.12.0esr, seven security vulnerabilities were fixed that could allow for potentially exploitable crashes, sandbox restriction bypasses, leakage of external protocol handlers, memory corruption, remote code execution, and cross-origin image leaks. Update to Firefox-115.12.0esr. 12.1-063
In Firefox-115.11.0esr, six security vulnerabilities were fixed that could allow for arbitrary code execution, arbitrary JavaScript execution, potential permissions bypasses, cross-origin response leakage, and crashes when saving pages to PDFs. Update to Firefox-115.11.0esr. 12.1-052
In Firefox-115.10.0esr, eight security vulnerabilities were fixed that could allow for arbitrary code execution, remotely exploitable denial of service conditions (using HTTP/2 CONTINUATION frames), remotely exploitable crashes, and clickjacking. Some of these vulnerabilities occur when using the JIT compiler, but one of the vulnerabilities is 32-bit specific and allows for an Integer Overflow when processing a crafted OpenType font. Updating Firefox is recommended due to the HTTP/2 CONTINUATION attack. Update to Firefox-115.10.0esr. 12.1-032
In firefox 115.9.1 one critical vulnerability revealed at this week's pwn2own was fixed. Update to firefox-115.9.1. 12.1-013
In firefox 115.9.0 eight vulnerabilities applicable to linux X86 were fixed. Update to firefox-115.9.0. 12.1-008
In FontForge-20230101, two security vulnerabilities were discovered that could allow for Command Injection via malicious filenames and malicious archives. The vulnerabilities were resolved via modifying the code to use the g_spawn_sync/async() functions instead of the system() functions, which causes commands to not be executed through a shell. Rebuild FontForge with the patch using the instructions in the book. 12.1-028
In gdk-pixbuf-2.42.12, a security vulnerability was fixed that could allow for heap memory corruption (and thus arbitrary code execution or a crash) when processing chunks in a crafted ANI file. ANI files are Animated Cursors for Windows, but can be indexed by Tracker and can be viewed in some applications. Update to gdk-pixbuf-2.42.12. 12.1-042
In ghostscript-10.03.1, five security vulnerabilities were fixed that could allow for crashes, shell injection, and remote code execution when processing PostScript files (including print jobs). Update to ghostscript-10.03.1. 12.1-043
In ghostscript-10.03.0, a security vulnerability was fixed that could allow for arbitrary code execution in the shipped fork of the tesseract library used for OCR. 12.1-006
In giflib-5.2.2, two security vulnerabilities were fixed that could allow for a local attacker to obtain sensitive information and for a crash. These vulnerabilities exist in the DumpScreen2RGB() function in the gif2rgb utility. Update to giflib-5.2.2 if you use the gif2rgb utility. 12.1-001
In git-2.45.0, four security vulnerabilities were fixed that allowed a maliciously crafted repository to execute malicious code at cloning time and create hardlinks to files outside the cloned repository. Update to git-2.45.1. 12.1-038
In glib-2.80.2, a security vulnerability was fixed that could allow for unicast spoofing to occur with services that use GDBus. This includes several system services, including NetworkManager and others. This allows for other users of a shared computer to send spoofed D-Bus signals which a GDBus-based client will incorrectly interpret as having been sent by the trusted system service, which will cause incorrect behavior with an application-dependent impact. Update to glib-2.80.2. 12.1-044
In gnutls-3.8.4, two security vulnerabilities were fixed. One fixed a bug where certtool crashed when verifying a certificate chain with more than 16 certificates and the other fixes a side-channel in the deterministic ECDSA. Update to gnutls-3.8.4. 12.1-012
In gst-plugins-base-1.24.3, a security vulnerability was fixed that could allow for a heap-based buffer overflow in the EXIF image tag parser when processing a certain malformed file. This would allow a malicious third party to trigger a crash in the application, as well as achieve code execution through heap manipulation. Update the gstreamer stack to 1.24.3. 12.1-039
In GTK+-3.24.43, a security vulnerability was fixed that could allow for library injection from the current working directory if certain environment variables were set. Update to GTK+-3.24.43. 12.1-073
In idna-3.7, a security vulnerability was fixed that could allow for a specially crafted invalid input to cause an exceptionally large amount of resource consumption, increasing quadratically depending on the complexity of the input. This applies to the idna.encode() function. Update to idna-3.7. 12.1-089
In intel-microcode-20240514, four hardware vulnerabilities are fixed. One of them may allow for a denial of service when using Intel Core Ultra processors that belong to the Meteor Lake platform due to an invalid sequence of processor instructions. Another one of these vulnerabilities allows for information disclosure in certain circumstances due to race conditions in hardware logic. This impacts processors that belong to the Meteor Lake (Intel Core Ultra family) as well as the Alder Lake, Raptor Lake, and Arizona Beach processors. This includes the 12th Generation family of Intel CPUs as well as the 13th Generation, the Intel Core Processor N family, the Pentium Gold Processor Family, and the Atom C Series of processors. The other security vulnerabilities impact Intel Xeon Scalable servers with Trust Domain Extensions support. In this case, an elevation of privileges may occur. Update to intel-microcode-20240514 if your processor is affected. 12.1-045
Intel microcode for some processors has been updated to fix two hardware vulnerabilities which may allow a denial of service via remote access, or an information disclosure via local access. Read 12.1-017 for the list of affected processors and how to update the microcode and the kernel to mitigate the vulnerability.
Intel microcode for some processors has been updated to provide a mitigation for a hardware vulnerability known as RFDS, or Register File Data Sampling, which may allow an information disclosure if the attacker can run code locally. Read 12.1-009 for the list of affected processors and how to update the microcode and the kernel to mitigate the vulnerability.
In libaom-3.9.1, a security vulnerability was fixed that could allow for arbitrary code execution when playing a crafted video file. This is primarily exploitable remotely via web browsers. Update to libaom-3.9.1. 12.1-061
In libarchive-3.7.4, a security vulnerability was fixed that could allow for remote code execution when processing a crafted RAR archive due to an Out-Of-Bounds read. It happens in the RAR e8 filter, and occurs when the archive is decompressed or when it is viewed. Update to libarchive-3.7.4. 12.1-036
In libarchive-3.7.3, a possible security vulnerability was fixed that could allow for command injection via terminal escape sequences when decompressing or viewing an archive. Update to libarchive-3.7.3. 12.1-025
In Libreoffice-24.2.4.2, a security vulnerability was fixed that could allow for unchecked script execution in the Graphics on-click binding. This allows an attacker to create a document which, without prompt, will execute scripts built into the document when clicking on graphics. Two additional bugs were fixed that could cause crashes. Update to Libreoffice-24.2.4.2. 12.1-059
In libvpx-1.14.1, a security vulnerability was fixed that could allow for integer overflows in the calculations of buffer sizes and offsets when calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameters. This may result in invalid fields being returned in the vpx_image_t struct, and can cause a denial of service or remote code execution. Update to libvpx-1.14.1. 12.1-056
In libxml2-2.13.3, a security vulnerability was fixed that could allow for XML External Entity injection attacks. This was noted in at least one downstream project, but further details aren't available to the public at the time of this advisory. Update to libxml2-2.13.3. 12.1-083
In libxml2-2.12.7, a security vulnerability was fixed that could allow for a buffer over-read when formatting error messages with 'xmllint --htmlout'. Update to libxml2-2.12.7. 12.1-040
In MariaDB-10.11.8, a security vulnerability was fixed that could allow for unauthorized creation, modification, or deletion of data stored in a MySQL instance. Update to MariaDB-10.11.8. 12.1-054
In MIT Kerberos V5 1.21.3, two security vulnerabilities were fixed that could allow for an attacker to modify the plaintext Extra Count field of a confidential GSS token, and for an attacker to cause invalid memory reads during GSS message token handling (by sending messages with invalid length fields). Updating is recommended if you are using the server component. Update to MIT Kerberos V5 1.21.3. 12.1-072
In nghttp2-1.61.0, a security vulnerability was fixed that could allow for a denial-of-service (excessive CPU usage and OOM crash) because nghttp2 continues reading an unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. Update to nghttp2-1.61.0 or later, especially if you host a server. 12.1-022
In Node.js-20.12.1, two security vulnerabilities were fixed that could allow for a server crash or bad http requests through obfuscation of content length. Update to Node.js-20.12.1 or later. 12.1-019
In Node.js-20.12.2, a vulnerability was fixed where command injection could be performed. So far this is only known to affect Windows hosts. Regardless, updating is advised. 12.1-034
In Node.js-20.15.1, three security vulnerabilities were fixed that could allow for changing file permissions, reading files users aren't allowed to read, or bypassing the security of the URL bar search parameters. Update to Node.js-20.15.1 or later. 12.1-075
In OpenJDK-22.0.2, five security vulnerabilities were fixed that could allow for unauthorized modification, disclosure, and deletion of data accessible by OpenJDK. Four of these vulnerabilities are present in the Hotspot component, and the other vulnerability is present in the 2D component. All of these are exploitable remotely and without authentication. Update to OpenJDK-22.0.2. 12.1-082
In OpenJDK-22.0.1, four security vulnerabilities were fixed that could allow for a denial of service (application crash) or for unauthorized reading, modification, and deletion of data. These vulnerabilities are all network exploitable with no authentication or user interaction required, and they are in the Hotspot and Networking components. Update to OpenJDK-22.0.1. 12.1-049
In OpenJPEG-2.5.2, a security vulnerability was fixed that could allow for arbitrary code execution with the permissions of the application which uses OpenJPEG. Update to OpenJPEG-2.5.2. 12.1-003
In OpenSSH-9.8p1, a security vulnerability was fixed that could allow for arbitrary code execution with root privileges, bypassing authentication. Update to OpenSSH-9.8p1 or set LoginGraceTime to 0 in /etc/ssh/sshd_config. 12.1-066
In p7zip-17.04, two security vulnerabilities were discovered that could allow for remote code execution via buffer overflows and out-of-bounds reads when processing NTFS volumes. Apply the patch to p7zip as soon as possible if you process NTFS volumes using p7zip. 12.1-094
In PHP-8.3.8, four security vulnerabilities were fixed that could allow for argument injection when using CGI, for a filter bypass in filter_var FILTER_VALIDATE_URL, for an OpenSSL Marvin Attack, and for operating system command injection. The Operating System Command Injection and Argument Injection vulnerabilities are known to be actively exploited, and proof of concept exploits are available to the public. It is recommended that you update PHP immediately if you are running it on a public-facing web server. Update to PHP-8.3.8. 12.1-057
In PHP-8.3.6, three security vulnerabilities were fixed that could allow for insecure cookies to be set and thus a bypass of __Host/__Secure cookies, as well as for an attacker to trivially compromise a victim's account if a password is started with a null byte, and for an infinite loop when using the mb_encode_mimeheader function with certain crafted inputs. If you use PHP to run a website that accepts passwords, you should update immediately. Update to PHP-8.3.6. 12.1-030
In plasma-workspace-6.0.5.1 (and 5.27.11.1), a security vulnerability was fixed that could allow unauthorized connections due to incorrectly allowing connections via ICE on the same host as Plasma is running on. This allows another user on the same machine to gain access to the session manager, and can be exploited to achieve arbitrary code execution in the context of the current user on the next logon to the machine. Update to plasma-workspace-6.0.5.1 (or 5.27.11.1). 12.1-055
In PostgreSQL-16.4, a security vulnerability was fixed that could allow for relation replacement during pg_dump, which will execute arbitrary SQL commands. Update to PostgreSQL-16.4 (or 15.8, 14.13, 13.16, or 12.20). 12.1-088
In PostgreSQL-16.3 (as well as 15.7 and 14.12), a security vulnerability was fixed that could allow for an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands executed by other users. The most common values will reveal column values that the eavesdropper could not otherwise read, or results of functions that they cannot execute. Additional modifications are needed to existing databases. Please see the advisory for more details. Update to PostgreSQL-16.3 (or 15.7 or 14.12) and run the commands at the end of the advisory. 12.1-048
In Python-3.12.4, a security vulnerability was fixed that could allow for incorrect information to be returned about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This occurred due to inaccurate information from the IANA Special-Purpose Address Registries. Update to Python-3.12.4, or backport the patch if you are using an older version of Python. 12.1-069
In Qt6-6.7.1, two security vulnerabilities were resolved that could allow for stack modification as well as for predictable encryption to occur when using Network Authentication in Qt. Update to Qt-6.7.1. 12.1-046.
In QtWebEngine-6.7.2, seven security vulnerabilities were fixed that could allow for remote code execution. All of these issues occur in the bundled version of Chromium, and happen in the WebRTC, Dawn, Media Session, Streams API, and V8 components within Chromium. Several of these issues are known to be actively exploited, so it is recommended that you update as soon as possible. Update to QtWebEngine-6.7.2. 12.1-070
In QtWebEngine-6.7.1, seventeen security vulnerabilities were fixed that could allow for remote code execution through crafted HTML pages, for a remotely exploitable sandbox escape, for arbitrary reading/writing of files via malicious HTML pages, for remotely exploitable crashes, content security policy bypasses, and for sensitive information disclosure. Several of these vulnerabilities have been exploited in the wild recently and it is recommended that you update to this version of QtWebEngine immediately. If you are still using a Qt5-based version of QtWebEngine, the BLFS team recommends that you migrate to Qt6, the Qt6 version of QtWebEngine, and the latest version of Falkon as soon as possible. Update to QtWebEngine-6.7.1. 12.1-047
In the QtWebEngine-5.15-20240403 snapshot 16 vulnerabilities, of which 2 were rated Critical by NVD, have been fixed. The development books have moved on to Qt6 and the build instructions have changed slightly. Either update to current Qt6, or follow the instructions at 12.1-024
The QtWebengine-6 releases do not provide any summary of bug fixes. The 6.6.3 and 6.7.0 releases each contain a similar set of fixes to security bugs, some of which are rated as Critical. In future, update to the latest version once it is in BLFS. 12.1-026
In Ruby-3.3.1, three security vulnerabilities were fixed that could allow for arbitrary memory address reading and remote code execution. The arbitrary memory reading vulnerabilities occur in StringIO and also in the Regex search functionality. The RCE vulnerability occurs in RDoc. Update to Ruby-3.3.1. 12.1-035
In Samba-4.20.0 a security vulnerability was fixed that could allow for privilege escalation through altering certificates. Update to Samba-4.20.0. 12.1-018
In Seamonkey-2.53.18.2, several security vulnerabilities were fixed that could allow for remotely exploitable crashes, content spoofing, cookie injection, arbitrary code execution, timing attacks, and content security policy bypasses. These are the same vulnerabilities fixed in Firefox and Thunderbird 115.8.0 and 115.9.0. Update to Seamonkey-2.53.18.2. 12.1-027
In Seamonkey-2.53.18.1, several security vulnerabilities were fixed that could allow for remote code execution, exploitable crashes, sandbox escapes, S/MIME signatures being accepted in circumstances where they are not valid, undefined behavior, spoofed messages to be accepted when processing PGP/MIME payloads, HSTS policy bypasses, privilege escalation, phishing, permissions request bypassing, and a crash when listing printers on a system. These vulnerabilities are all identical to those fixed in Firefox/Thunderbird 115.6 and 115.7.0esr. Update to Seamonkey-2.53.18.1. 12.1-005
In SpiderMonkey-115.14.0, a security vulnerability was fixed that could allow for a remotely exploitable crash caused by a use-after-free when unexpected marking work at the start of sweeping during garbage collection occurs. Update to SpiderMonkey-115.14.0. 12.1-085
In SpiderMonkey-115.12.0, a security vulnerability was fixed that could allow for a potentially exploitable crash if garbage collection was triggered at the right time. The vulnerability occurs due to a use-after-free during object transplant. Update to SpiderMonkey-115.12.0. 12.1-064
In SpiderMonkey-115.11.0, a security vulnerability was fixed that could allow for arbitrary code execution when calling the IsDiamondPattern function. Update to SpiderMonkey-115.11.0. 12.1-051
In SpiderMonkey/mozjs-115.10.0, three security vulnerabilities were fixed in the JIT compiler which could allow for GetBoundName to return the wrong object, for crashes after a mis-optimized switch statement, and for incorrect JITting of arguments to lead to crashes during garbage collection. This could allow for unexpected crashes in some applications. Update to SpiderMonkey/mozjs-115.10.0. 12.1-031
In Thunderbird-128.1.0esr, ten security vulnerabilities were fixed that could allow for fullscreen notification dialogs to be obscured, remote code execution, information disclosure, sandbox escapes, remotely exploitable crashes, cross-site scripting, permission bypasses, and for security prompt obscuring. Update to Thunderbird-128.1.0esr. 12.1-087
In Thunderbird-128.0esr (and 115.13.0esr), several security vulnerabilities were fixed that could allow for remote code execution, user confusion allowing for unauthorized permissions to be granted, moving the cursor outside of the Thunderbird window, crashes, blocking exit from fullscreen mode, Content Security Policy bypasses, and for cookies to be sent inadvertently. Note that most of these vulnerabilities only affect HTML mail. Update to Thunderbird-128.0esr (or 115.13.0esr). 12.1-076
In Thunderbird-115.11.0, six security vulnerabilities were fixed that could allow for arbitrary code execution, arbitrary JavaScript execution, potential permissions bypasses, cross-origin response leakage, and crashes when saving pages to PDFs. Update to Thunderbird-115.11.0. 12.1-053
In Thunderbird-115.10.0, eight security vulnerabilities were fixed that could allow for arbitrary code execution, remotely exploitable denial of service conditions (using HTTP/2 CONTINUATION frames), remotely exploitable crashes, and clickjacking. Some of these vulnerabilities occur when using the JIT compiler, but one of the vulnerabilities is 32-bit specific and allows for an Integer Overflow when processing a crafted OpenType font. Updating Thunderbird is recommended due to the HTTP/2 CONTINUATION attack, since some HTML mails may use this protocol. Update to Thunderbird-115.10.0. 12.1-032
In Thunderbird-115.9.0, nine security vulnerabilities were fixed that could allow for remote code execution, remotely exploitable crashes, clickjacking (allowing a user to accidentally grant permissions), RSA decryption timing attacks, content security bypasses, and arbitrary code execution. Update to Thunderbird-115.9.0. 12.1-011
In Thunderbird-115.8.1, a security vulnerability was fixed that could allow for leaking an encrypted email subject to another conversation. When this issue occurs, a user might accidentally leak the confidential subject to a third party. Additional steps are required if this subject mixing problem has occurred. Update to Thunderbird-115.8.1 or later and follow the instructions in the security advisory. 12.1-004
In Unbound-1.21.0, three security vulnerabilities were fixed that could allow for DNS Cache Poisoning attacks and remotely exploitable crashes. The DNS Cache Poisoning attack is known as CacheFlush, while the CAMP attack allows for remotely exploitable crashes on most DNS server implementations. Update to Unbound-1.21.0. 12.1-092
In Unbound-1.19.3, a security vulnerability was fixed that could allow an attacker to cause a denial of service (DoS) by exploiting a code path that can lead to an infinite loop due to faulty code in the feature that removes EDE records. Update to Unbound-1.19.3. 12.1-007
In urllib3-2.2.2, two security vulnerabilities were fixed that could allow for unintentional information disclosure via the 'Cookie' HTTP header, and for the contents of HTTP request bodies to be unintentionally leaked after redirects. Update to urllib3-2.2.2. 12.1-090
In VLC-3.0.21, a security vulnerability was fixed in its implementation of the MMS protocol that allows for an integer overflow to occur. When playing a crafted stream, this can allow for a denial-of-service or other impacts such as arbitrary code execution. Update to VLC-3.0.21. 12.1-058
In vorbis-tools-1.4.2, a security vulnerability was discovered that can allow for arbitrary code execution or a denial of service when processing a crafted WAV file and converting it to an OGG using the 'oggenc' command. Rebuild vorbis-tools-1.4.2 with the sed command in the book. 12.1-79
In VTE-0.76.3, a security vulnerability was fixed that allows an attacker to cause a denial of service (memory consumption) issue via a window resize escape sequence. This issue is similar to CVE-2000-0476. Update to VTE-0.76.3. 12.1-060
In WebKitGTK-2.44.3, six security vulnerabilities were fixed that could allow for unexpected process crashes that are remotely exploitable. These issues are mostly due to out-of-bounds reads and use-after-free issues. One issue though allows a remote attacker to potentially exploit heap corruption via a crafted HTML page due to a use-after-free in ANGLE. Update to WebKitGTK-2.44.3. 12.1-095
In WebKitGTK-2.42.2, a security vulnerability was fixed that could allow for an attacker with arbitrary read and write capabilities to bypass Pointer Authentication. The vulnerability was addressed with improved checks, and is known to be exploited in the wild. Update to WebKitGTK-2.42.2. 12.1-050
In Wireshark-4.2.6, a security vulnerability was fixed that could allow for the application to crash when processing a malformed SPRT packet. This can happen while capturing packets on the wire, or when viewing a pcap file. Update to Wireshark-4.2.6. 12.1-077
In Wireshark-4.2.5, three security vulnerabilities were fixed that could allow for infinite loops when processing MONGO and ZigBee TLV packets, as well as for crashes when editing crafted packets using the 'editcap' utility. Update to Wireshark-4.2.5. 12.1-041
In Wireshark 4.2.0 to 4.2.3 and 4.0.0 to 4.0.13 a T.38 dissector crash allows denial of service via packet injection or a crafted capture file. Update to Wireshark-4.2.3. 12.1-016
In Xorg-Server-21.1.12, four security vulnerabilities were fixed that could allow for memory leakage, exploitable crashes (segmentation faults), and arbitrary code execution to occur. On systems where SSH X Forwarding is enabled, this can lead to remote code execution. Update to xorg-server-21.1.13. If you have TigerVNC installed, rebuild it against xorg-server-21.1.13 as well. 12.1-020
In Xwayland-23.2.5, three security vulnerabilities were fixed that could allow for memory leakage, exploitable crashes (segmentation faults), and arbitrary code execution to occur. Update to Xwayland-23.2.6. 12.1-021