FEDORA-EPEL-2024-a3d9061962

Packages in this update:

chromium-129.0.6668.89-1.el8

Update description:

update to 129.0.6668.89

* High CVE-2024-7025: Integer overflow in Layout
* High CVE-2024-9369: Insufficient data validation in Mojo
* High CVE-2024-9370: Inappropriate implementation in V8

Read More

FEDORA-EPEL-2024-ae299cc269

Packages in this update:

chromium-129.0.6668.89-1.el9

Update description:

update to 129.0.6668.89

* High CVE-2024-7025: Integer overflow in Layout
* High CVE-2024-9369: Insufficient data validation in Mojo
* High CVE-2024-9370: Inappropriate implementation in V8

Read More

FEDORA-2024-5d581b2365

Packages in this update:

apache-commons-io-2.11.0-5.fc39

Update description:

Fixes possible denial of service attack on untrusted input

Read More

What is the Vulnerability?Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows attackers to execute arbitrary commands on vulnerable systems. CVE-2024-45519 is a vulnerability in the postjournal service used for recording email communications. This OS command injection flaw can be exploited without authentication and successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system’s integrity and confidentiality.Zimbra Collaboration (by Synacor) is a popular cloud-based collaboration software and email platform. The remote code execution vulnerability (CVE-2024-45519) in this software was disclosed on September 27, along with a proof of concept (PoC) exploit.What is the recommended Mitigation?Zimbra has released a patch for CVE-2024-45519. Organizations that haven’t implemented the latest patch are advised to do so immediately. https://blog.zimbra.com/2024/10/zimbra-cve-2024-45519-vulnerability-stay-secure-by-updating/ What FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor. The FortiGuard Incident Response team can be engaged to help with any suspected compromise.The FortiGuard Labs team is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.

Read More

FEDORA-EPEL-2024-851c74616f

Packages in this update:

p7zip-16.02-31.el8

Update description:

Fix wrapper to hide password from process history

Read More

FEDORA-EPEL-2024-8de34d4fda

Packages in this update:

p7zip-16.02-31.el9

Update description:

Fix wrapper to hide password from process history

Read More

FEDORA-2024-6ecf5236ae

Packages in this update:

p7zip-16.02-31.fc41

Update description:

Fix wrapper to hide password from process history

Read More

FEDORA-2024-5c99e1d579

Packages in this update:

p7zip-16.02-31.fc40

Update description:

Fix wrapper to hide password from process history

Read More

FEDORA-2024-ec78ab2c45

Packages in this update:

p7zip-16.02-31.fc39

Update description:

Fix wrapper to hide password from process history

Read More

FEDORA-2024-2ba00c906c

Packages in this update:

unbound-1.21.1-3.fc39

Update description:

Fixed builds on F41. Fixes CVE-2024-8508

https://github.com/NLnetLabs/unbound/releases/tag/release-1.21.1

Read More