Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Monthly Archives: April 2024
Smashing Security podcast #367: WhatsApp at Westminster, unhealthy AI, and Drew Barrymore
MPs aren’t just getting excited about an upcoming election, but also about the fruity WhatsApp messages they’re receiving. Can we trust AI with our health? And who on earth is pretending to be a producer for the Drew Barrymore TV show?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
kernel-6.8.5-100.fc38
FEDORA-2024-a56a47ef1b
Packages in this update:
kernel-6.8.5-100.fc38
Update description:
The 6.8.5 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.5-200.fc39
FEDORA-2024-33a9ea72d1
Packages in this update:
kernel-6.8.5-200.fc39
Update description:
The 6.8.5 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.5-300.fc40
FEDORA-2024-6d35739db7
Packages in this update:
kernel-6.8.5-300.fc40
Update description:
The 6.8.5 stable kernel update contains a number of important fixes across the tree.
xen-4.17.4-1.fc38
FEDORA-2024-a676697123
Packages in this update:
xen-4.17.4-1.fc38
Update description:
x86: Native Branch History Injection [XSA-456, CVE-2024-2201]
update to xen 4.17.4, remove patches now included upstream
rebase xen.gcc12.fixes.patch
x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]
x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]
USN-6728-1: Squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)
Joshua Rogers discovered that Squid incorrectly handled Cache Manager error
responses. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-23638)
Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked
decoder. A remote attacker could possibly use this issue to cause Squid to
stop responding, resulting in a denial of service. (CVE-2024-25111)
Joshua Rogers discovered that Squid incorrectly handled HTTP header
parsing. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-25617)
Rhadamanthys Malware Deployed By TA547 Against German Targets
Proofpoint said this is the first time the threat actor has been seen using LLM-generated PowerShell scripts.
google-guest-agent-20240314.00-4.fc41
FEDORA-2024-74c4c65ff6
Packages in this update:
google-guest-agent-20240314.00-4.fc41
Update description:
Automatic update for google-guest-agent-20240314.00-4.fc41.
Changelog
* Wed Apr 10 2024 Major Hayden <major@redhat.com> – 20240314.00-4
– Skip events test
* Wed Apr 10 2024 Major Hayden <major@redhat.com> – 20240314.00-3
– Fix typo in License filename
* Wed Apr 10 2024 Major Hayden <major@redhat.com> – 20240314.00-2
– Sync packit config with other GCP pkgs
* Wed Apr 10 2024 Major Hayden <major@redhat.com> – 20240314.00-1
– Update to 20240314.00 rhbz#2274184
* Wed Apr 10 2024 Fedora Release Engineering <releng@fedoraproject.org> – 20230726.00-8
– Unretirement Releng Request: https://pagure.io/releng/issue/12057
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> – 20230726.00-7
– Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> – 20230726.00-6
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 20230726.00-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Sep 6 2023 Major Hayden <major@redhat.com> – 20230726.00-4
– PRs to rawhide only
* Fri Jul 28 2023 Major Hayden <major@redhat.com> – 20230726.00-3
– Fix typo on ppc64le
* Fri Jul 28 2023 Major Hayden <major@redhat.com> – 20230726.00-2
– Disable ppc64/s390x arches
* Fri Jul 28 2023 Packit <hello@packit.dev> – 20230726.00-1
– [packit] 20230726.00 upstream release
* Tue Jul 25 2023 Major Hayden <major@redhat.com> – 20230725.00-2
– Disable koji auto build with packit
* Tue Jul 25 2023 Packit <hello@packit.dev> – 20230725.00-1
– [packit] 20230725.00 upstream release
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> – 20230711.00-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jul 12 2023 Major Hayden <major@redhat.com> – 20230711.00-1
– Update to 20230711.00 rhbz#2222161
* Wed Jul 12 2023 Major Hayden <major@redhat.com> – 20230707.00-2
– Add packit config 🤖
* Tue Jul 11 2023 Major Hayden <major@redhat.com> – 20230707.00-1
– Update to 20230707.00 rhbz#2221432
* Mon Jul 3 2023 Major Hayden <major@redhat.com> – 20230628.00-1
– Update to 20230628.00 rhbz#2218708
* Wed Jun 28 2023 Major Hayden <major@redhat.com> – 20230626.00-1
– Update to 20230626.00 rhbz#2218220
* Mon Jun 12 2023 Major Hayden <major@redhat.com> – 20230601.00-1
– Update to 20230601.00 rhbz#2211674
* Thu May 18 2023 Major Hayden <major@redhat.com> – 20230517.00-1
– Update to 20230517.00 rhbz#2208103
* Mon May 15 2023 Major Hayden <major@redhat.com> – 20230510.00-1
– Update to 20230510.00 rhbz#2198979
* Mon May 1 2023 Major Hayden <major@redhat.com> – 20230426.00-1
– Update to 20230426.00 rhbz#2190065
* Thu Apr 6 2023 Major Hayden <major@redhat.com> – 20230403.00-1
– Update to 20230403.00 rhbz#2183053
* Tue Mar 28 2023 Major Hayden <major@redhat.com> – 20230221.00-2
– Bump revision for rebuild rhbz#2178465
* Tue Feb 28 2023 Major Hayden <major@redhat.com> – 20230221.00-1
– Update to 20230221.00 rhbz#2172749
* Wed Feb 22 2023 Major Hayden <major@redhat.com> – 20230207.00-2
– Set SPDX license
* Mon Feb 13 2023 Major Hayden <major@redhat.com> – 20230207.00-1
– Update to 20230207.00 rhbz#2160637
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 20221109.00-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 14 2022 Major Hayden <major@redhat.com> – 20221109.00-1
– Update to 20221109.00 rhbz#2140412
* Wed Oct 26 2022 Major Hayden <major@redhat.com> – 20221025.00-1
– Update to 20221025.00 rhbz#2136314
* Wed Oct 12 2022 Major Hayden <major@redhat.com> – 20220927.00-1
– Update to 20220927.00 rhbz#2130931
* Thu Aug 25 2022 Major Hayden <major@redhat.com> – 20220824.00-1
– Update to 20220824.00 rhbz#2120895
* Thu Aug 18 2022 Major Hayden <major@redhat.com> – 20220816.01-1
– Update to 20220816.01 rhbz#2119456
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 20201217.02-6
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> – 20201217.02-5
– Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> – 20201217.02-4
– Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327,
CVE-2022-27191, CVE-2022-29526, CVE-2022-30629