FEDORA-2024-c6a1d4e0ec
Packages in this update:
firefox-125.0-1.fc40
Update description:
New upstream release (125.0)
The update of cockpit released in DSA 5655-1 did not correctly build
binary packages due to unit test failures when building against libssh
0.10.6. This update corrects that problem.
Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in HTTP response splitting or denial of service.
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for April 2024.
Volunteers in the CIS Benchmarks Communities help those who seek a safer online experience. Learn how Pierluigi Falcone plays his part.
Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)
It was discovered that libvirt incorrectly handled detaching certain host
interfaces. An attacker could possibly use this issue to cause libvirt to
crash, resulting in a denial of service. (CVE-2024-2496)
It was discovered that GnuTLS had a timing side-channel when performing
certain ECDSA operations. A remote attacker could possibly use this issue
to recover sensitive information. (CVE-2024-28834)
It was discovered that GnuTLS incorrectly handled verifying certain PEM
bundles. A remote attacker could possibly use this issue to cause GnuTLS to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.10. (CVE-2024-28835)
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
An international team of researchers published the first-ever index ranking countries by cybercrime threat level
Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords