USN-6467-2: Kerberos vulnerability

Read Time:23 Second

USN-6467-1 fixed a vulnerability in Kerberos. This update provides the
corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu
23.04.

Original advisory details:

Robert Morris discovered that Kerberos did not properly handle memory
access when processing RPC data through kadmind, which could lead to the
freeing of uninitialized memory. An authenticated remote attacker could
possibly use this issue to cause kadmind to crash, resulting in a denial
of service.

Read More

CVE-2021-4430

Read Time:23 Second

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability.

Read More

chromium-119.0.6045.105-1.fc39

Read Time:42 Second

FEDORA-2023-4ce457db98

Packages in this update:

chromium-119.0.6045.105-1.fc39

Update description:

update to 119.0.6045.105. Security fixes:

High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.

Read More

chromium-119.0.6045.105-1.el8

Read Time:43 Second

FEDORA-EPEL-2023-6e863522f4

Packages in this update:

chromium-119.0.6045.105-1.el8

Update description:

update to 119.0.6045.105. Security fixes:

High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.

Read More

chromium-119.0.6045.105-1.el7

Read Time:43 Second

FEDORA-EPEL-2023-ca644cad1f

Packages in this update:

chromium-119.0.6045.105-1.el7

Update description:

update to 119.0.6045.105. Security fixes:

High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.

Read More

chromium-119.0.6045.105-1.fc37

Read Time:42 Second

FEDORA-2023-14b8d5c44f

Packages in this update:

chromium-119.0.6045.105-1.fc37

Update description:

update to 119.0.6045.105. Security fixes:

High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.

Read More

chromium-119.0.6045.105-1.el9

Read Time:43 Second

FEDORA-EPEL-2023-14c0898d9a

Packages in this update:

chromium-119.0.6045.105-1.el9

Update description:

update to 119.0.6045.105. Security fixes:

High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.

Read More

chromium-119.0.6045.105-1.fc38

Read Time:42 Second

FEDORA-2023-a5dfb908a0

Packages in this update:

chromium-119.0.6045.105-1.fc38

Update description:

update to 119.0.6045.105. Security fixes:

High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.

Read More

roundcubemail-1.6.5-1.fc39

Read Time:36 Second

FEDORA-2023-cf584ed77a

Packages in this update:

roundcubemail-1.6.5-1.fc39

Update description:

Release 1.6.5

Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
Fix PHP warnings (#9174)
Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
Fix bug where images attached to application/smil messages weren’t displayed (#8870)
Fix PHP string replacement error in utils/error.php (#9185)
Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162)
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download

Read More