chromium-122.0.6261.57-1.fc39

Read Time:29 Second

FEDORA-2024-4adf990562

Packages in this update:

chromium-122.0.6261.57-1.fc39

Update description:

update to 122.0.6261.57

High CVE-2024-1669: Out of bounds memory access in Blink
High CVE-2024-1670: Use after free in Mojo
Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
Medium CVE-2024-1673: Use after free in Accessibility
Medium CVE-2024-1674: Inappropriate implementation in Navigation
Medium CVE-2024-1675: Insufficient policy enforcement in Download
Low CVE-2024-1676: Inappropriate implementation in Navigation

Read More

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Read Time:36 Second

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-6647-1: Linux kernel vulnerabilities

Read Time:42 Second

It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after- free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2023-7192)

Read More