Cycode stressed securing software supply chains amid complex dependencies and third-party actions
Daily Archives: February 1, 2024
freerdp-2.11.5-1.fc38
FEDORA-2024-f294ddb7fb
Packages in this update:
freerdp-2.11.5-1.fc38
Update description:
Update to 2.11.5
freerdp-2.11.5-1.fc39
FEDORA-2024-01689e51e5
Packages in this update:
freerdp-2.11.5-1.fc39
Update description:
Update to 2.11.5
runc-1.1.12-1.fc38
FEDORA-2024-9044c9eefa
Packages in this update:
runc-1.1.12-1.fc38
Update description:
Security fix for CVE-2024-21626
kernel-6.7.3-100.fc38 kernel-headers-6.7.3-100.fc38
FEDORA-2024-cf47b35a6c
Packages in this update:
kernel-6.7.3-100.fc38
kernel-headers-6.7.3-100.fc38
Update description:
The 6.7.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.
kernel-6.7.3-200.fc39 kernel-headers-6.7.3-200.fc39
FEDORA-2024-2116a8468b
Packages in this update:
kernel-6.7.3-200.fc39
kernel-headers-6.7.3-200.fc39
Update description:
The 6.7.3 stable kernel rebase contains new features, improved hardware support, and a number of important fixes across the tree.
runc-1.1.12-1.fc39
FEDORA-2024-900dc7f6ff
Packages in this update:
runc-1.1.12-1.fc39
Update description:
Security fix for CVE-2024-21626
USN-6587-4: X.Org X Server regression
USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete,
resulting in a possible regression. This update fixes the problem.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the cursor code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
USN-6620-1: GNU C Library vulnerabilities
It was discovered that the GNU C Library incorrectly handled the syslog()
function call. A local attacker could use this issue to execute arbitrary
code and possibly escalate privileges.
US Thwarts Volt Typhoon Cyber Espionage Campaign Through Router Disruption
US government agencies took down the botnet of Chinese APT Volt Typhoon, used to target critical infrastructure for nation-state espionage