FEDORA-2023-1ed0ec0035

Packages in this update:

open-vm-tools-12.3.0-3.fc37

Update description:

Security fixes for CVE-2023-34058 and CVE-2023-34059

Read More

FEDORA-2023-08e2bb6815

Packages in this update:

open-vm-tools-12.3.0-3.fc38

Update description:

Security fixes for CVE-2023-34058 and CVE-2023-34059

Read More

FEDORA-2023-86a50ffc72

Packages in this update:

open-vm-tools-12.3.0-3.fc39

Update description:

Security fixes for CVE-2023-34058 and CVE-2023-34059

Read More

It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel
did not properly handle certain pointer data type, leading to an out-of-
bounds write vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35001)

Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)

Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)

Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Read More

FEDORA-2023-862bb40df5

Packages in this update:

mlpack-4.2.1-5.fc39

Update description:

Use RPM macros for python and cmake build directory

Ensure stb_image contains the latest CVE patches

Read More

FEDORA-2023-23c0bd9a45

Packages in this update:

mlpack-4.2.1-5.fc38

Update description:

Use RPM macros for python and cmake build directory

Ensure stb_image contains the latest CVE patches

Read More

FEDORA-2023-dde357b985

Packages in this update:

mlpack-4.2.1-5.fc37

Update description:

Use RPM macros for python and cmake build directory

Ensure stb_image contains the latest CVE patches

Read More

FEDORA-EPEL-2023-44e123cf66

Packages in this update:

mlpack-4.2.1-5.el9

Update description:

Use RPM macros for python and cmake build directory

Ensure stb_image contains the latest CVE patches

Read More

tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.

Read More

In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Read More