Read Time:11 Second
FEDORA-2024-9a87127dd0
Packages in this update:
mbedtls3.6-3.6.1-1.fc41
Update description:
Update to 3.6.1
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1
Monthly Archives: September 2024
TfL Admits Some Services Are Down Following Cyber-Attack
Read Time:5 Second
Transport for London has revealed several digital services are suspended after a cyber-attack last week
ZDI-24-1196: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-45107.
USN-6995-1: Thunderbird vulnerabilities
Read Time:1 Minute, 13 Second
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-7521, CVE-2024-7526,
CVE-2024-7527, CVE-2024-7529, CVE-2024-8382)
It was discovered that Thunderbird did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Irvan Kurniawan discovered that Thunderbird did not properly check an
attribute value in the editor component, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-7522)
Rob Wu discovered that Thunderbird did not properly check permissions when
creating a StreamFilter. An attacker could possibly use this issue to
modify response body of requests on any site using a web extension.
(CVE-2024-7525)
Nils Bars discovered that Thunderbird contained a type confusion
vulnerability when performing certain property name lookups. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-8381)
It was discovered that Thunderbird did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-8384)
python3.13-3.13.0~rc2-1.fc39
Read Time:6 Second
FEDORA-2024-f2fc325c40
Packages in this update:
python3.13-3.13.0~rc2-1.fc39
Update description:
Python 3.13.0rc2
python3.13-3.13.0~rc2-1.fc40
Read Time:6 Second
FEDORA-2024-e887a10dee
Packages in this update:
python3.13-3.13.0~rc2-1.fc40
Update description:
Python 3.13.0rc2
python3-docs-3.13.0~rc2-1.fc41 python3.13-3.13.0~rc2-1.fc41
Read Time:12 Second
FEDORA-2024-ebf3fe7bc9
Packages in this update:
python3.13-3.13.0~rc2-1.fc41
python3-docs-3.13.0~rc2-1.fc41
Update description:
Python 3.13.0rc2
Security fix for CVE-2024-8088 and CVE-2024-6232
openssl-3.1.4-4.fc39
Read Time:6 Second
FEDORA-2024-5cd6011cf7
Packages in this update:
openssl-3.1.4-4.fc39
Update description:
Patch for CVE-2024-6119
DSA-5767-1 thunderbird – security update
Read Time:8 Second
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
libcoap-4.3.5-6.fc41
Read Time:6 Second
FEDORA-2024-9c7bbee0f0
Packages in this update:
libcoap-4.3.5-6.fc41
Update description:
Update to 4.3.5 GA