FEDORA-2023-cbc688b8ca

Packages in this update:

dotnet6.0-6.0.121-1.fc38
dotnet7.0-7.0.110-1.fc38

Update description:

This is the August 2023 update for .NET 6 and .NET 7.

Release Notes:

7.0 SDK: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.10/7.0.110.md
7.0 Runtime: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.10/7.0.10.md
6.0 SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.21/6.0.121.md
6.0 Runtime: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.21/6.0.21.md

Read More

FEDORA-2023-25112489ab

Packages in this update:

dotnet6.0-6.0.121-1.fc37
dotnet7.0-7.0.110-1.fc37

Update description:

This is the August 2023 update for .NET 6 and .NET 7.

Release Notes:

7.0 SDK: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.10/7.0.110.md
7.0 Runtime: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.10/7.0.10.md
6.0 SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.21/6.0.121.md
6.0 Runtime: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.21/6.0.21.md

Read More

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)

Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3141)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly validate pointers in some situations, leading to a
null pointer dereference vulnerability. A remote attacker could use this to
cause a denial of service (system crash). (CVE-2023-32248)

Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)

It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly perform certain buffer calculations, leading
to an out-of-bounds read vulnerability. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information
(kernel memory). (CVE-2023-3268)

It was discovered that the QCOM CPUFreq HW driver in the Linux kernel on
ARM processors did not properly handle device unbind. A local attacker
could use this to cause a denial of service (system crash). (CVE-2023-3312)

It was discovered that the MediaTek MT7921E (PCIe) WiFi driver in the Linux
kernel contained a use-after-free vulnerability when querying the firmware
features of the device. A local attacker could use this to cause a denial
of service (system crash). (CVE-2023-3317)

It was discovered that the video4linux driver for Philips based TV cards in
the Linux kernel contained a race condition during device removal, leading
to a use-after-free vulnerability. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-35823)

It was discovered that the SDMC DM1105 PCI device driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-35824)

It was discovered that the Allwinner Cedar video engine driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35826)

It was discovered that the Renesas USB controller driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35828)

It was discovered that the Rockchip Video Decoder IP driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35829)

Read More

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted “mailto” link.

Read More

Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.

Read More

Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.

Read More

Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.

Read More

An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).

Read More