Security Fixes 11.09.260 | IGEL Knowledge Base

Firefox

Updated Mozilla Firefox to 115.7 ESR
Fixes for mfsa2024-02, also known as:
CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755.
Fixes for mfsa2023-54, also known as:
CVE-2023-6856, CVE-2023-6865, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6867, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864.
Fixes for mfsa2023-50, also known as:
CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212.

Base system

Updated ca-certificates to version 20240203.
Fixed a privilege escalation in setup_cmd utility.
Fixed bluez security issue CVE-2023-45866.
Fixed pam security issue CVE-2024-22365.
Fixed xorg-server security issues CVE-2024-21886, CVE-2024-21885, CVE-2024-0409, CVE-2024-0408, CVE-2024-0229 and CVE-2023-6816.
Fixed gnutls28 security issues CVE-2024-0567 and CVE-2024-0553.
Fixed openldap security issue CVE-2023-2953.
Fixed openssl security issues CVE-2024-0727, CVE-2023-6237, CVE-2023-6129 and CVE-2023-5678.
Fixed xerces-c security issues CVE-2023-37536 and CVE-2018-1311.
Fixed mysql-8.0 security issues CVE-2024-20985, CVE-2024-20984, CVE-2024-20983, CVE-2024-20982, CVE-2024-20981, CVE-2024-20978, CVE-2024-20977, CVE-2024-20976, CVE-2024-20974, CVE-2024-20973, CVE-2024-20972, CVE-2024-20971, CVE-2024-20970, CVE-2024-20969, CVE-2024-20967, CVE-2024-20966, CVE-2024-20965, CVE-2024-20964, CVE-2024-20963, CVE-2024-20962, CVE-2024-20961 and CVE-2024-20960.
Fixed paramiko security issue CVE-2023-48795.
Fixed pillow security issues CVE-2023-50447 and CVE-2023-44271.
Fixed pycryptodome security issue CVE-2023-52323.
Fixed qtbase-opensource-src security issue CVE-2023-51714.
Fixed qemu security issues CVE-2023-6693 and CVE-2023-6683.
Fixed zulu17-ca security issues CVE-2024-20932, CVE-2024-20926, CVE-2024-20925, CVE-2024-20923, CVE-2024-20922, CVE-2024-20918, CVE-2024-20952, CVE-2024-20945, CVE-2024-20921 and CVE-2024-20919.
Fixed curl security issue CVE-2024-0853.
Fixed expat security issues CVE-2023-52426 and CVE-2023-52425.
Fixed webkit2gtk security issues CVE-2024-23222, CVE-2024-23213, CVE-2024-23206, CVE-2023-42833, CVE-2023-40414 and CVE-2014-1745.
Fixed libde265 security issues CVE-2022-43253, CVE-2022-43252, CVE-2022-43248, CVE-2022-43243, CVE-2022-43242, CVE-2022-43241, CVE-2022-43240, CVE-2022-43239, CVE-2022-43238, CVE-2022-43237, CVE-2022-43236, CVE-2022-43235, CVE-2022-1253, CVE-2021-36411, CVE-2021-36410, CVE-2021-36409, CVE-2021-36408 and CVE-2021-35452.
Fixed gst-plugins-bad1.0 security issues CVE-2024-0444, CVE-2023-44446, CVE-2023-44429, CVE-2023-40476, CVE-2023-40475 and CVE-2023-40474.
Fixed bind9 security issues CVE-2023-5679, CVE-2023-5517, CVE-2023-50868, CVE-2023-50387 and CVE-2023-4408.
Fixed shadow security issue CVE-2023-4641.
Fixed qtbase-opensource-src security issue CVE-2024-25580.
Fixed libde265 security issues CVE-2023-25221, CVE-2023-24758, CVE-2023-24757, CVE-2023-24756, CVE-2023-24755, CVE-2023-24754, CVE-2023-24752, CVE-2023-24751, CVE-2022-47665, CVE-2022-43250, CVE-2022-43249, CVE-2022-43245 and CVE-2022-43244.
Fixed libpq5 security issue CVE-2024-0985.
Fixed libtiff5 security issues CVE-2023-6228, CVE-2023-6277 and CVE-2023-52356.
Fixed dnsmasq security issues CVE-2023-50868 and CVE-2023-50387.
Fixed python-cryptography security issue CVE-2023-50782.
Fixed less security issue CVE-2022-48624.
Fixed libuv1 security issue CVE-2024-24806.
Fixed libssh1.1 security issues 2023-3446 and CVE-2023-3817.