Read Time:29 Second

FEDORA-2024-1a493abc67

Packages in this update:

python3.10-3.10.16-1.fc40

Update description:

Python 3.10.16 security release.

Security content in this release

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.
CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.

USN-7178-1: DPDK vulnerability

It was discovered that DPDK incorrectly handled the Vhost library checksum offload feature. An malicious guest could possibly use this...

December 19, 2024

LSN-0108-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt...

December 19, 2024

Stored XSS with Filter Bypass – blogenginev3.3.8

Posted by Andrey Stoykov on Dec 18 # Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8 # Date: 12/2024...

December 19, 2024

[SYSS-2024-085]: Broadcom CA Client Automation – Improper Privilege Management (CWE-269)

Posted by Matthias Deeg via Fulldisclosure on Dec 18 Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom...

December 19, 2024

webkitgtk-2.46.5-1.fc40

FEDORA-2024-03a1955920 Packages in this update: webkitgtk-2.46.5-1.fc40 Update description: Update to 2.46.5: Fix several crashes and rendering issues. CVE-2024-54479, CVE-2024-54502, CVE-2024-54508,...

December 19, 2024

webkitgtk-2.46.5-1.fc41

FEDORA-2024-32bc143584 Packages in this update: webkitgtk-2.46.5-1.fc41 Update description: Update to 2.46.5: Fix several crashes and rendering issues. CVE-2024-54479, CVE-2024-54502, CVE-2024-54508,...

December 19, 2024

US Organizations Still Using Kaspersky Products Despite Ban

Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme

Mailbox Insecurity

New Malware Can Kill Engineering Processes in ICS Environments

EU Opens Door for AI Training Using Personal Data

Crypto-Hackers Steal $2.2bn as North Koreans Dominate

Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment”

Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack

Interpol Calls for an End to “Pig Butchering” Terminology

python3.10-3.10.16-1.fc40

FEDORA-2024-1a493abc67

Packages in this update:

Update description:

Security content in this release

USN-7178-1: DPDK vulnerability

LSN-0108-1: Kernel Live Patch Security Notice

Stored XSS with Filter Bypass – blogenginev3.3.8

[SYSS-2024-085]: Broadcom CA Client Automation – Improper Privilege Management (CWE-269)

webkitgtk-2.46.5-1.fc40

webkitgtk-2.46.5-1.fc41