Read Time:29 Second

FEDORA-2024-1a493abc67

Packages in this update:

python3.10-3.10.16-1.fc40

Update description:

Python 3.10.16 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.

USN-7178-1: DPDK vulnerability

It was discovered that DPDK incorrectly handled the Vhost library checksum offload feature. An malicious guest could possibly use this...

December 19, 2024

LSN-0108-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt...

December 19, 2024

ZDI-24-1711: AnyDesk Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the...

December 19, 2024

ZDI-24-1710: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required...

December 19, 2024

ZDI-24-1709: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required...

December 19, 2024

ZDI-24-1708: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required...

December 19, 2024

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

US Organizations Still Using Kaspersky Products Despite Ban

Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme

Mailbox Insecurity

New Malware Can Kill Engineering Processes in ICS Environments

EU Opens Door for AI Training Using Personal Data

Crypto-Hackers Steal $2.2bn as North Koreans Dominate

Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment”

Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack

python3.10-3.10.16-1.fc40

FEDORA-2024-1a493abc67

Packages in this update:

Update description:

Security content in this release

USN-7178-1: DPDK vulnerability

LSN-0108-1: Kernel Live Patch Security Notice

ZDI-24-1711: AnyDesk Link Following Information Disclosure Vulnerability

ZDI-24-1710: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-1709: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-1708: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability