Endor Labs claims security patches can break underlying open source software 75% of the time
Daily Archives: September 12, 2024
arm-none-eabi-binutils-cs-2.43-1.el8 arm-none-eabi-gcc-cs-12.4.0-1.el8 arm-none-eabi-newlib-4.4.0.20231231-1.el8
FEDORA-EPEL-2024-31d4c55df0
Packages in this update:
arm-none-eabi-binutils-cs-2.43-1.el8
arm-none-eabi-gcc-cs-12.4.0-1.el8
arm-none-eabi-newlib-4.4.0.20231231-1.el8
Update description:
newlib updated to 4.4.0.20231231 to fix CVE-2024-30949, binutils updated to 2.43, gcc to 12.4.0
arm-none-eabi-binutils-cs-2.43-1.el9 arm-none-eabi-gcc-cs-12.4.0-1.el9 arm-none-eabi-newlib-4.4.0.20231231-1.el9
FEDORA-EPEL-2024-02a5043c77
Packages in this update:
arm-none-eabi-binutils-cs-2.43-1.el9
arm-none-eabi-gcc-cs-12.4.0-1.el9
arm-none-eabi-newlib-4.4.0.20231231-1.el9
Update description:
newlib updated to 4.4.0.20231231 to fix CVE-2024-30949, binutils updated to 2.43, gcc to 12.4.0
chromium-128.0.6613.137-1.el9
FEDORA-EPEL-2024-c10cc04f69
Packages in this update:
chromium-128.0.6613.137-1.el9
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.fc40
FEDORA-2024-0a4a65f805
Packages in this update:
chromium-128.0.6613.137-1.fc40
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.fc41
FEDORA-2024-9e85c72624
Packages in this update:
chromium-128.0.6613.137-1.fc41
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.el8
FEDORA-EPEL-2024-1434b533be
Packages in this update:
chromium-128.0.6613.137-1.el8
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.fc39
FEDORA-2024-37f95ce86b
Packages in this update:
chromium-128.0.6613.137-1.fc39
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
ZDI-24-1223: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-29847.
CVE-2024-25286 – RedSys – A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0
Posted by RUBEN LOPEZ HERRERA on Sep 11
Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Method
Tested Version(s): 3DSecure 2.0 3DS Authorization Method
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25286
Overview:
A Cross-Site Request Forgery (CSRF) vulnerability was…