rabbitmq-server-4.0.5-2.fc42
Automatic update for rabbitmq-server-4.0.5-2.fc42.
* Thu Jan 2 2025 Richard W.M. Jones <rjones@redhat.com> – 4.0.5-2
– Remove downstream patch which allowed remote connections (RHBZ#2333072)
– Move license to MPL 2.0 (RHBZ#2333074)
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘CrisprXiang With FDU and Hao Huang with FDU’ was reported to the affected vendor on: 2025-01-03, 0 days ago. The vendor is given until 2025-05-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
What is the Attack?FortiGuard Labs Threat Team has observed recent attacks by a Threat Actor dubbed “EC2 Grouper” that leverages AWS tools for PowerShell to carry out cloud-based attacks. It leverages APIs to inventory EC2 types and available regions before executing further API calls iteratively. The Threat Actor is seen using techniques that enable remote access and lateral movement within cloud environments. EC2 Grouper is a highly active threat actor frequently involved in cloud identity compromises, observed across numerous customer environments over the years. To learn more, see the detailed Threat Blog: Catching “EC2 Grouper”- No Indicators Required! | FortiGuard LabsWhat is the recommended Mitigation?Detecting illicit use of valid cloud credentials is challenging, as most attacks lack unique indicators. By correlating weak signals, such as environmental anomalies and API usage patterns, composite alerting enhances detection accuracy significantly. For detailed guidance and Threat report, visit Fortinet’s Threat Blog | FortiGuard LabsWhat FortiGuard Coverage is available?Lacework FortiCNAPP: Cloud detection and response (CDR) addresses cloud identity compromises and uses composite alerting for enhanced detection.Lacework FortiCNAPP enhances detection efficacy and integrates CIEM to assess the impact of compromised identities.Read more about how Lacework FortiCNAPP can secure your cloud environment.
libxmp-4.6.1-2.fc41
Latest upstream release. Changelog:
Fixes:
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45681: Out of bounds heap buffer write
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
libxmp-4.6.1-2.fc40
Latest upstream release. Changelog:
Fixes:
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45681: Out of bounds heap buffer write
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
xmlrpc-c-1.60.04-2.fc42
Automatic update for xmlrpc-c-1.60.04-2.fc42.
* Thu Jan 2 2025 Jonathan Wright <jonathan@almalinux.org> – 1.60.4-2
– Use global macro to override make smp_flags
* Thu Jan 2 2025 Jonathan Wright <jonathan@almalinux.org> – 1.60.4-1
– update to 1.60.4 rhbz#2334236
– re-enable builds against libxml2, no more bundled libexpat
– fixes rhbz#2310136
– fixes rhbz#2310146
– fixes rhbz#2310152
* Wed Sep 4 2024 Miroslav Suchý <msuchy@redhat.com> – 1.59.03-3
– convert license to SPDX
Automatic update for xmlrpc-c-1.60.04-1.fc42.
xmlrpc-c-1.60.04-1.fc42
Automatic update for xmlrpc-c-1.60.04-1.fc42.
* Thu Jan 2 2025 Jonathan Wright <jonathan@almalinux.org> – 1.60.4-1
– update to 1.60.4 rhbz#2334236
– re-enable builds against libxml2, no more bundled libexpat
– fixes rhbz#2310136
– fixes rhbz#2310146
– fixes rhbz#2310152
* Wed Sep 4 2024 Miroslav Suchý <msuchy@redhat.com> – 1.59.03-3
– convert license to SPDX
mingw-poppler-24.02.0-4.fc41
Backport fix for CVE-2024-56378.
mingw-poppler-24.02.0-4.fc40
Backport fix for CVE-2024-56378.
gimp-2.10.38-12.fc40
This update fixes issues with loading TGA and XCF files.
