FEDORA-2024-7908ee39a9
Packages in this update:
aws-24.0.0-3.fc41
Update description:
CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values “1” and “2” had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf
More Stories
USN-7045-1: libppd vulnerability
Simone Margaritelli discovered that libppd incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this...
USN-7044-1: libcupsfilters vulnerability
Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this...
USN-7043-1: cups-filters vulnerabilities
Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network....
USN-7042-1: cups-browsed vulnerability
Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with...
USN-7041-1: CUPS vulnerability
Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this...
chromium-129.0.6668.70-1.fc41
FEDORA-2024-8008ddbd4e Packages in this update: chromium-129.0.6668.70-1.fc41 Update description: Update to 129.0.6668.70 High CVE-2024-9120: Use after free in Dawn High CVE-2024-9121:...