Category Archives: Advisories

iwd-3.3-1.fc40 libell-0.71-1.fc40

Read Time:26 Second

FEDORA-2024-0fa283c43a

Packages in this update:

iwd-3.3-1.fc40
libell-0.71-1.fc40

Update description:

iwd 3.3:

Fix issue with handling External Authentication.

iwd 3.2:

Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.

ell 0.71:

Fix issue with GCC 15 and -std=c23 build errors.

ell 0.70:

Add support for helper function for safe memcpy.

Read More

iwd-3.3-1.fc41 libell-0.71-1.fc41

Read Time:26 Second

FEDORA-2024-256818da09

Packages in this update:

iwd-3.3-1.fc41
libell-0.71-1.fc41

Update description:

iwd 3.3:

Fix issue with handling External Authentication.

iwd 3.2:

Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.

ell 0.71:

Fix issue with GCC 15 and -std=c23 build errors.

ell 0.70:

Add support for helper function for safe memcpy.

Read More

A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution

Read Time:30 Second

A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source web application framework used for developing Java web applications. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Read More

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205

Read Time:15 Second

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21

CyberDanube Security Research 20241219-0
——————————————————————————-
title| Authenticated Remote Code Execution
product| Ewon Flexy 205
vulnerable version| <= v14.8s0 (#2633)
fixed version| –
CVE number| CVE-2024-9154
impact| High
homepage| https://www.hms-networks.com/
found| 2024-09-03…

Read More

USN-7179-1: Linux kernel vulnerabilities

Read Time:1 Minute, 4 Second

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Media drivers;
– Network drivers;
– SMB network file system;
– Bluetooth subsystem;
– Amateur Radio drivers;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-43904, CVE-2024-35963, CVE-2024-35967, CVE-2024-40973,
CVE-2024-26822, CVE-2024-35965, CVE-2024-40910, CVE-2024-38553,
CVE-2024-53057, CVE-2024-50264, CVE-2024-35966)

Read More

USN-7173-2: Linux kernel vulnerabilities

Read Time:42 Second

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI subsystem;
– Ext4 file system;
– Bluetooth subsystem;
– Memory management;
– Amateur Radio drivers;
– Network traffic control;
– Sun RPC protocol;
– VMware vSockets driver;
(CVE-2023-52821, CVE-2024-40910, CVE-2024-43892, CVE-2024-49967,
CVE-2024-50264, CVE-2024-36952, CVE-2024-38553, CVE-2021-47101,
CVE-2021-47001, CVE-2024-35965, CVE-2024-35963, CVE-2024-35966,
CVE-2024-35967, CVE-2024-53057, CVE-2024-38597)

Read More

swiftlint-0.57.1-1.fc42

Read Time:28 Second

FEDORA-2024-87d30b4fbf

Packages in this update:

swiftlint-0.57.1-1.fc42

Update description:

Automatic update for swiftlint-0.57.1-1.fc42.

Changelog

* Fri Dec 20 2024 Davide Cavalca <dcavalca@fedoraproject.org> – 0.57.1-1
– Update to 0.57.1; Fixes: RHBZ#2280939, RHBZ#2301323, RHBZ#2280426,
RHBZ#2280433, RHBZ#2280449, RHBZ#2280455, RHBZ#2280469, RHBZ#2280475,
RHBZ#2280487, RHBZ#2302835, RHBZ#2307674
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.53.0-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

Read More