FEDORA-2024-b5da13e80a

Packages in this update:

suricata-7.0.7-1.fc41

Update description:

Various security, performance, accuracy, and stability issues have been fixed.

Read More

FEDORA-2024-8b08786765

Packages in this update:

suricata-7.0.7-1.fc40

Update description:

Various security, performance, accuracy, and stability issues have been fixed.

Read More

USN-7040-1 fixed a vulnerability in ConfigObj. This update
provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that ConfigObj contains regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a regular expression denial of service.

Read More

USN-7014-1 fixed a vulnerability in nginx. This update
provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.

Read More

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16.

This update provides the corresponding updates for PostgreSQL-9.3 in
Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS.

Original advisory details:

Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.

Read More

USN-7015-1 fixed several vulnerabilities in Python. This update provides the
corresponding update for CVE-2023-27043 for python2.7 and python3.5 in
Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)

Read More

It was discovered that HAProxy did not properly limit the creation of new
HTTP/2 streams. A remote attacker could possibly use this issue to cause
HAProxy to consume excessive resources, leading to a denial of service.

Read More

FEDORA-2024-1949806a59

Packages in this update:

wireshark-4.2.8-1.fc40

Update description:

New version 4.2.8
Fix for CVE-2024-9781

Read More

Damien Schaeffer discovered that Thunderbird did not properly manage
certain memory operations when processing content in the Animation
timelines. An attacker could potentially exploit this issue to achieve
arbitrary code execution.

Read More

Damien Schaeffer discovered that Firefox did not properly manage memory in
the content process when handling Animation timelines, leading to a use
after free vulnerability. An attacker could possibly use this issue to
achieve remote code execution.

Read More