Read Time:1 Second
Post Content
Monthly Archives: January 2024
GLSA 202401-33: WebKitGTK+: Multiple Vulnerabilities
GLSA 202401-31: containerd: Multiple Vulnerabilities
GLSA 202401-30: X.Org X Server, XWayland: Multiple Vulnerabilities
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Read Time:27 Second
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
python-aiohttp-3.9.3-1.el9
Read Time:15 Second
FEDORA-EPEL-2024-71fad5c9bd
Packages in this update:
python-aiohttp-3.9.3-1.el9
Update description:
Security update for CVE-2024-23334 and CVE-2024-23829
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2
glibc-2.38-16.fc39
Read Time:39 Second
FEDORA-2024-aec80d6e8a
Packages in this update:
glibc-2.38-16.fc39
Update description:
Security fix for CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780.
CVE-2023-6246: __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.
CVE-2023-6779: __vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation. If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.
CVE-2023-6780: __vsyslog_internal calculated a buffer size by adding two integers, but
did not first check if the addition would overflow.
glibc-2.37-18.fc38
Read Time:39 Second
FEDORA-2024-07597a0fb3
Packages in this update:
glibc-2.37-18.fc38
Update description:
Security fix for CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780.
CVE-2023-6246: __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.
CVE-2023-6779: __vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation. If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.
CVE-2023-6780: __vsyslog_internal calculated a buffer size by adding two integers, but
did not first check if the addition would overflow.
python-aiohttp-3.9.3-1.fc38
Read Time:15 Second
FEDORA-2024-0ddda4c691
Packages in this update:
python-aiohttp-3.9.3-1.fc38
Update description:
Security update for CVE-2024-23334 and CVE-2024-23829
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2
xen-4.17.2-6.fc38
Read Time:17 Second
FEDORA-2024-4b2cf8c375
Packages in this update:
xen-4.17.2-6.fc38
Update description:
arm32: The cache may not be properly cleaned/invalidated (take two)
[XSA-447, CVE-2023-46837]
pci: phantom functions assigned to incorrect contexts [XSA-449,
CVE-2023-46839]
VT-d: Failure to quarantine devices in !HVM build [XSA-450,
CVE-2023-46840]