It was discovered that a specially crafted file system image could cause a
heap-based out-of-bounds write. A local attacker could potentially use this
to perform arbitrary code execution bypass and bypass secure boot
protections. (CVE-2023-4692)

It was discovered that a specially crafted file system image could cause an
out-of-bounds read. A physically-present attacker could possibly use this
to leak sensitive information to the GRUB pager. (CVE-2023-4693)

Read More

FEDORA-2023-06bff5611a

Packages in this update:

libX11-1.8.7-1.fc39

Update description:

libX11 1.8.7, fixes (CVE-2023-43785 to 43789)

Read More

IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.

Read More

A security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More

Post Content

Read More

Post Content

Read More

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)

Read More

FEDORA-2023-2b8c11ee75

Packages in this update:

glibc-2.37-10.fc38

Update description:

Security fix for CVE-2023-4911, CVE-2023-4806, and CVE-2023-4527.

CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the environment of a setuid program and NAME is valid, it may result in a buffer overflow, which could be exploited to achieve escalated privileges. This flaw was introduced in glibc 2.34.

CVE-2023-4806: When an NSS plugin only implements the _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use memory that was freed during buffer resizing, potentially causing a crash or read or write to arbitrary memory.

CVE-2023-4527: If the system is configured in no-aaaa mode via /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address family, and a DNS response is received over TCP that is larger than 2048 bytes, getaddrinfo may potentially disclose stack contents via the returned address data, or crash.

This update contains changes to ELF destructor ordering, improving compatibility with a certain VPN software product.

Read More

FEDORA-2023-028062484e

Packages in this update:

glibc-2.36-14.fc37

Update description:

Security fix for CVE-2023-4911, CVE-2023-4806, and CVE-2023-4527.

CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the environment of a setuid program and NAME is valid, it may result in a buffer overflow, which could be exploited to achieve escalated privileges. This flaw was introduced in glibc 2.34.

CVE-2023-4806: When an NSS plugin only implements the _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use memory that was freed during buffer resizing, potentially causing a crash or read or write to arbitrary memory.

CVE-2023-4527: If the system is configured in no-aaaa mode via /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address family, and a DNS response is received over TCP that is larger than 2048 bytes, getaddrinfo may potentially disclose stack contents via the returned address data, or crash.

Read More

FEDORA-2023-63e5a77522

Packages in this update:

glibc-2.38-6.fc39

Update description:

Security fix for CVE-2023-4911, CVE-2023-4806, and CVE-2023-4527.

CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the environment of a setuid program and NAME is valid, it may result in a buffer overflow, which could be exploited to achieve escalated privileges. This flaw was introduced in glibc 2.34.

CVE-2023-4806: When an NSS plugin only implements the _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use memory that was freed during buffer resizing, potentially causing a crash or read or write to arbitrary memory.

CVE-2023-4527: If the system is configured in no-aaaa mode via /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address family, and a DNS response is received over TCP that is larger than 2048 bytes, getaddrinfo may potentially disclose stack contents via the returned address data, or crash.

Read More