Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– x86 architecture;
– Cryptographic API;
– CPU frequency scaling framework;
– HW tracing;
– ISDN/mISDN subsystem;
– Media drivers;
– Network drivers;
– NVME drivers;
– S/390 drivers;
– SCSI drivers;
– USB subsystem;
– VFIO drivers;
– Watchdog drivers;
– JFS file system;
– IRQ subsystem;
– Core kernel;
– Memory management;
– Amateur Radio drivers;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– Network traffic control;
– TIPC protocol;
– XFRM subsystem;
– Integrity Measurement Architecture(IMA) framework;
– SoC Audio for Freescale CPUs drivers;
– USB sound devices;
(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,
CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,
CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,
CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,
CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,
CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,
CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,
CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,
CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)
Daily Archives: October 15, 2024
mbedtls3.6-3.6.2-1.fc41
FEDORA-2024-8f1374ecfb
Packages in this update:
mbedtls3.6-3.6.2-1.fc41
Update description:
Update to 3.6.2
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2
python-fastapi-0.111.1-7.fc40 python-openapi-core-0.19.4-3.fc40 python-platformio-6.1.14-7.fc40 python-starlette-0.40.0-1.fc40
FEDORA-2024-f1615b58e6
Packages in this update:
python-fastapi-0.111.1-7.fc40
python-openapi-core-0.19.4-3.fc40
python-platformio-6.1.14-7.fc40
python-starlette-0.40.0-1.fc40
Update description:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.
python-fastapi-0.115.2-1.fc41 python-openapi-core-0.19.4-4.fc41 python-platformio-6.1.14-7.fc41 python-starlette-0.40.0-1.fc41
FEDORA-2024-05dedb1a53
Packages in this update:
python-fastapi-0.115.2-1.fc41
python-openapi-core-0.19.4-4.fc41
python-platformio-6.1.14-7.fc41
python-starlette-0.40.0-1.fc41
Update description:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.
FastAPI 0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1
python-openapi-core-0.19.4-4.fc42 python-platformio-6.1.16-2.fc42 python-starlette-0.40.0-1.fc42
FEDORA-2024-466c574575
Packages in this update:
python-openapi-core-0.19.4-4.fc42
python-platformio-6.1.16-2.fc42
python-starlette-0.40.0-1.fc42
Update description:
Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.
yarnpkg-1.22.22-5.el9
FEDORA-EPEL-2024-78df19aaf3
Packages in this update:
yarnpkg-1.22.22-5.el9
Update description:
Sync with fedora package.
New ConfusedPilot Attack Targets AI Systems with Data Poisoning
Researchers have discovered a new cyber-attack method called ConfusedPilot that can manipulate AI-generated responses by injecting malicious content into documents referenced by AI systems
Darknet Activity Increases Ahead of 2024 Presidential Vote
Cyber threats surge ahead of the 2024 election, including phishing, ransomware and Darknet activity
UK: NCSC Offers Education Organizations Free Cyber Services
The service, developed in collaboration with Cloudflare and Accenture, is available for UK schools and most education service providers
libarchive-3.7.1-3.fc39
FEDORA-2024-ab6348928b
Packages in this update:
libarchive-3.7.1-3.fc39
Update description:
Fix for CVE-2024-48957