Category Archives: Advisories

USN-7198-1: rlottie vulnerabilities

Paolo Giai discovered a series of stack-based overflow vulnerabilities in
the blit and gray_render_cubic functions of a custom fork of the rlottie
library. An attacker could possibly use this issue to leak sensitive
information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2021-31315, CVE-2021-31321)

Paolo Giai discovered a series of type confusion vulnerabilities in the
VDasher constructor and the LOTCompLayerItem::LOTCompLayerItem function
of a custom fork of the rlottie library. An attacker could possibly use
this issue to leak sensitive information. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-31317, CVE-2021-31318)

Paolo Giai discovered an integer overflow vulnerability in the
LOTGradient::populate function of a custom fork of the rlottie library.
An attacker could possibly use this issue to leak sensitive information.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-31319)

Paolo Giai discovered a series of heap buffer overflow vulnerabilities
in the VGradientCache::generateGradientColorTable and
LOTGradient::populate functions of a custom fork of the rlottie library.
An attacker could possibly use this issue to achieve remote code execution.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-31320, CVE-2021-31322)

Multiple vulnerabilities in SonicWall SonicOS could allow a remote attacker to bypass authentication.

Multiple vulnerabilities have been discovered in SonicWall SonicOS that could allow for authentication bypass. SonicOS is SonicWall’s operating system for its firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow for authentication bypass on the affected system. Depending on the privileges associated with the system, an attacker could then view, change, or delete data.

xen-4.19.1-3.fc41

FEDORA-2025-933a9a977e

Packages in this update:

xen-4.19.1-3.fc41

Update description:

– work around debugedit bug to fix aarch64 builds
– xen-hypervisor %post doesn’t load all needed grub2 modules
– update to xen-4.19.1 which includes
  – Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818]
  – libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819]

USN-7197-1: Go Networking vulnerability

Guido Vranken discovered that Go Networking handled input to the Parse
functions inefficiently. An attacker could possibly use this issue to
cause denial of service. This update addresses the issue in the
golang-golang-x-net and golang-golang-x-net-dev packages, as well as the
library vendored within adsys and juju-core.

USN-7185-2: Linux kernel (Azure) vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an integer overflow vulnerability. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36402)

Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver
in the Linux kernel during device removal. A privileged attacker could use
this to cause a denial of service (system crash). (CVE-2023-35827)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– I2C subsystem;
– InfiniBand drivers;
– IRQ chip drivers;
– Network drivers;
– Pin controllers subsystem;
– S/390 drivers;
– TTY drivers;
– USB Host Controller drivers;
– USB Mass Storage drivers;
– Framebuffer layer;
– Ext4 file system;
– File systems infrastructure;
– Bluetooth subsystem;
– DMA mapping infrastructure;
– Memory management;
– 9P file system network protocol;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– MAC80211 subsystem;
– Netfilter;
– NFC subsystem;
– Phonet protocol;
– Network traffic control;
– VMware vSockets driver;
– Wireless networking;
(CVE-2024-42090, CVE-2024-42156, CVE-2021-47082, CVE-2024-26921,
CVE-2023-52594, CVE-2024-36968, CVE-2024-38633, CVE-2024-42077,
CVE-2021-47076, CVE-2021-47501, CVE-2023-52507, CVE-2024-42153,
CVE-2024-39301, CVE-2024-36946, CVE-2024-43884, CVE-2023-52509,
CVE-2024-36004, CVE-2023-52486, CVE-2024-50264, CVE-2024-45006,
CVE-2024-36941, CVE-2024-43856, CVE-2024-40912, CVE-2024-49967,
CVE-2024-53057, CVE-2024-26777, CVE-2024-36270, CVE-2024-26625,
CVE-2024-45021, CVE-2024-35886, CVE-2024-44947, CVE-2024-44944,
CVE-2024-35847, CVE-2024-40959, CVE-2024-42101, CVE-2024-38619)

USN-7169-4: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Ext4 file system;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-49967, CVE-2024-53057, CVE-2024-50264)

USN-7196-1: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– MIPS architecture;
– PowerPC architecture;
– RISC-V architecture;
– S390 architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Block layer subsystem;
– Android drivers;
– ATM drivers;
– Drivers core;
– Ublk userspace block driver;
– Bluetooth drivers;
– Character device driver;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– DMA engine subsystem;
– Qualcomm firmware drivers;
– GPIO subsystem;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I2C subsystem;
– I3C subsystem;
– IIO subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Input Device (Miscellaneous) drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– LED subsystem;
– Mailbox framework;
– Multiple devices driver;
– Media drivers;
– Fastrpc Driver;
– VMware VMCI Driver;
– MMC subsystem;
– Ethernet bonding driver;
– Network drivers;
– Mellanox network drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– Device tree and open firmware driver;
– Parport drivers;
– PCI subsystem;
– Pin controllers subsystem;
– x86 platform drivers;
– Power supply drivers;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI subsystem;
– QCOM SoC drivers;
– SPI subsystem;
– Direct Digital Synthesis drivers;
– Thunderbolt and USB4 drivers;
– TTY drivers;
– UFS subsystem;
– Userspace I/O drivers;
– DesignWare USB3 driver;
– USB Gadget drivers;
– USB Host Controller drivers;
– USB Type-C Connector System Software Interface driver;
– USB over IP driver;
– Virtio Host (VHOST) subsystem;
– Framebuffer layer;
– Xen hypervisor drivers;
– File systems infrastructure;
– BTRFS file system;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– Network file systems library;
– Network file system (NFS) client;
– Network file system (NFS) server daemon;
– NILFS2 file system;
– File system notification infrastructure;
– NTFS3 file system;
– Proc file system;
– SMB network file system;
– Tracing file system;
– Bitmap API;
– BPF subsystem;
– Memory Management;
– Objagg library;
– Perf events;
– Virtio network driver;
– VMware vSockets driver;
– KCM (Kernel Connection Multiplexor) sockets driver;
– Control group (cgroup);
– DMA mapping infrastructure;
– Locking primitives;
– Padata parallel execution mechanism;
– Scheduler infrastructure;
– Tracing infrastructure;
– Radix Tree data structure library;
– Kernel userspace event delivery library;
– KUnit for arithmetic overflow checks;
– Memory management;
– Bluetooth subsystem;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– Ethtool driver;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Network traffic control;
– SCTP protocol;
– TIPC protocol;
– Wireless networking;
– AppArmor security module;
– Landlock security;
– SELinux security module;
– Simplified Mandatory Access Control Kernel framework;
– FireWire sound drivers;
– AMD SoC Alsa drivers;
– Texas Instruments Audio (ASoC/HDA) drivers;
– SoC Audio for Freescale CPUs drivers;
– Intel ASoC drivers;
– Amlogic Meson SoC drivers;
– SoC audio core drivers;
– USB sound devices;
– Real-Time Linux Analysis tools;
(CVE-2024-44979, CVE-2024-47658, CVE-2024-44970, CVE-2024-43913,
CVE-2024-46816, CVE-2024-46738, CVE-2024-46777, CVE-2024-46730,
CVE-2024-46811, CVE-2024-44954, CVE-2024-42317, CVE-2024-42279,
CVE-2024-45002, CVE-2024-43826, CVE-2024-44967, CVE-2024-46721,
CVE-2024-46763, CVE-2024-43856, CVE-2024-42284, CVE-2024-42289,
CVE-2024-46806, CVE-2024-46776, CVE-2024-43843, CVE-2024-42298,
CVE-2024-43832, CVE-2024-42321, CVE-2024-42292, CVE-2024-44982,
CVE-2024-43842, CVE-2024-46772, CVE-2024-46702, CVE-2024-45017,
CVE-2024-43888, CVE-2024-47683, CVE-2024-46714, CVE-2024-43899,
CVE-2024-45025, CVE-2024-46751, CVE-2024-45020, CVE-2024-44977,
CVE-2024-46853, CVE-2024-46753, CVE-2024-46792, CVE-2024-46675,
CVE-2024-46805, CVE-2024-43890, CVE-2024-46703, CVE-2024-43841,
CVE-2024-44960, CVE-2024-46846, CVE-2024-46798, CVE-2024-44965,
CVE-2024-46812, CVE-2024-43835, CVE-2024-43839, CVE-2024-43886,
CVE-2024-46843, CVE-2024-50264, CVE-2024-46706, CVE-2024-46851,
CVE-2024-46758, CVE-2024-45027, CVE-2024-43887, CVE-2024-42278,
CVE-2024-46701, CVE-2024-46708, CVE-2024-46817, CVE-2024-46871,
CVE-2024-46771, CVE-2024-42304, CVE-2024-43877, CVE-2024-44996,
CVE-2024-46741, CVE-2024-46842, CVE-2024-43902, CVE-2024-43818,
CVE-2024-47662, CVE-2024-44931, CVE-2024-46793, CVE-2024-46746,
CVE-2024-46782, CVE-2024-43914, CVE-2024-43824, CVE-2024-46767,
CVE-2024-43871, CVE-2024-44971, CVE-2024-47666, CVE-2024-45008,
CVE-2024-42263, CVE-2024-46815, CVE-2024-46824, CVE-2024-45015,
CVE-2024-45000, CVE-2024-46841, CVE-2024-46770, CVE-2024-44942,
CVE-2024-46679, CVE-2024-46724, CVE-2024-46759, CVE-2024-43845,
CVE-2024-46795, CVE-2024-46818, CVE-2024-44988, CVE-2024-46807,
CVE-2024-46787, CVE-2024-43894, CVE-2024-46803, CVE-2024-44947,
CVE-2024-46786, CVE-2024-46689, CVE-2024-46686, CVE-2024-42290,
CVE-2024-46868, CVE-2024-43857, CVE-2024-43909, CVE-2023-52889,
CVE-2024-44944, CVE-2024-44973, CVE-2024-43905, CVE-2024-44938,
CVE-2024-43864, CVE-2024-46850, CVE-2024-43867, CVE-2024-43819,
CVE-2024-46691, CVE-2024-47664, CVE-2024-46821, CVE-2024-46867,
CVE-2024-46716, CVE-2024-43881, CVE-2024-46788, CVE-2024-43912,
CVE-2024-43904, CVE-2024-46727, CVE-2024-46680, CVE-2024-44985,
CVE-2024-46813, CVE-2024-47668, CVE-2024-42277, CVE-2024-42291,
CVE-2024-45003, CVE-2024-42309, CVE-2024-44937, CVE-2024-44953,
CVE-2024-46718, CVE-2024-42276, CVE-2024-45028, CVE-2024-43863,
CVE-2024-46866, CVE-2024-42258, CVE-2024-42273, CVE-2024-46717,
CVE-2024-46797, CVE-2024-46854, CVE-2024-44972, CVE-2024-46791,
CVE-2024-45010, CVE-2024-43825, CVE-2024-46775, CVE-2024-46745,
CVE-2024-46808, CVE-2024-46831, CVE-2024-45018, CVE-2024-42319,
CVE-2024-46822, CVE-2024-43883, CVE-2024-46722, CVE-2024-46694,
CVE-2024-45009, CVE-2024-42320, CVE-2024-46825, CVE-2024-43821,
CVE-2024-46749, CVE-2024-45006, CVE-2024-43895, CVE-2024-44950,
CVE-2024-43827, CVE-2024-43876, CVE-2024-47659, CVE-2024-44989,
CVE-2024-46804, CVE-2024-46754, CVE-2024-46766, CVE-2024-46728,
CVE-2024-46828, CVE-2024-46826, CVE-2024-46810, CVE-2024-44963,
CVE-2024-44934, CVE-2024-43829, CVE-2024-42268, CVE-2024-43850,
CVE-2024-43853, CVE-2024-43854, CVE-2024-43892, CVE-2024-43859,
CVE-2024-42285, CVE-2024-44962, CVE-2024-46725, CVE-2024-46814,
CVE-2024-44935, CVE-2024-42264, CVE-2024-42260, CVE-2024-46858,
CVE-2024-46778, CVE-2024-46774, CVE-2024-46848, CVE-2024-45013,
CVE-2024-43837, CVE-2024-46683, CVE-2024-46757, CVE-2024-46726,
CVE-2024-43831, CVE-2024-46737, CVE-2024-43893, CVE-2024-46823,
CVE-2024-42302, CVE-2024-44990, CVE-2024-46755, CVE-2024-46707,
CVE-2024-43833, CVE-2024-44940, CVE-2024-42259, CVE-2024-46855,
CVE-2024-46827, CVE-2024-46809, CVE-2024-46836, CVE-2024-43907,
CVE-2024-42312, CVE-2024-46692, CVE-2024-42297, CVE-2024-46864,
CVE-2024-42299, CVE-2024-45011, CVE-2024-46838, CVE-2024-44993,
CVE-2024-46802, CVE-2024-44966, CVE-2024-46739, CVE-2024-46780,
CVE-2024-44961, CVE-2024-42316, CVE-2024-47660, CVE-2024-46859,
CVE-2024-46762, CVE-2024-43861, CVE-2024-45012, CVE-2024-46784,
CVE-2024-43908, CVE-2024-46832, CVE-2024-44969, CVE-2024-46750,
CVE-2024-44958, CVE-2024-46740, CVE-2024-46829, CVE-2024-43873,
CVE-2024-49984, CVE-2024-44983, CVE-2024-42288, CVE-2024-46735,
CVE-2024-46676, CVE-2024-43823, CVE-2024-46779, CVE-2024-46744,
CVE-2024-42310, CVE-2024-44980, CVE-2024-46870, CVE-2024-42307,
CVE-2024-46768, CVE-2024-44984, CVE-2024-45007, CVE-2024-46710,
CVE-2024-44978, CVE-2024-46723, CVE-2024-46845, CVE-2024-44999,
CVE-2024-42311, CVE-2024-43884, CVE-2024-44939, CVE-2024-44974,
CVE-2024-42314, CVE-2024-42318, CVE-2024-39472, CVE-2024-46693,
CVE-2024-46794, CVE-2024-46844, CVE-2024-46695, CVE-2024-46720,
CVE-2024-46860, CVE-2024-46835, CVE-2024-47665, CVE-2024-46715,
CVE-2024-42305, CVE-2024-46773, CVE-2024-45030, CVE-2024-46697,
CVE-2024-46705, CVE-2024-42286, CVE-2024-46834, CVE-2024-46681,
CVE-2024-53057, CVE-2024-42303, CVE-2024-46678, CVE-2024-46756,
CVE-2023-52918, CVE-2024-43860, CVE-2024-43911, CVE-2024-43880,
CVE-2024-43910, CVE-2024-44975, CVE-2024-44959, CVE-2024-46747,
CVE-2024-43846, CVE-2024-42274, CVE-2024-46672, CVE-2024-43852,
CVE-2024-46709, CVE-2024-42306, CVE-2024-42281, CVE-2024-46849,
CVE-2024-46719, CVE-2024-43830, CVE-2024-46685, CVE-2024-44998,
CVE-2024-42313, CVE-2024-43820, CVE-2024-44991, CVE-2024-47674,
CVE-2024-46785, CVE-2024-45021, CVE-2024-46677, CVE-2024-43870,
CVE-2024-46698, CVE-2024-43900, CVE-2024-44956, CVE-2024-43849,
CVE-2024-46687, CVE-2024-42296, CVE-2024-46830, CVE-2024-47669,
CVE-2024-46732, CVE-2024-46733, CVE-2024-46852, CVE-2024-43906,
CVE-2024-43847, CVE-2024-42294, CVE-2024-46731, CVE-2024-45029,
CVE-2024-47667, CVE-2024-42272, CVE-2024-45022, CVE-2024-43879,
CVE-2024-46765, CVE-2024-45026, CVE-2024-44986, CVE-2024-44995,
CVE-2024-47663, CVE-2024-42262, CVE-2024-43889, CVE-2024-44987,
CVE-2024-43866, CVE-2024-42265, CVE-2024-46847, CVE-2024-46673,
CVE-2024-46783, CVE-2024-46761, CVE-2024-46840, CVE-2024-42301,
CVE-2024-43868, CVE-2024-45005, CVE-2024-42322, CVE-2024-43828,
CVE-2024-43834, CVE-2024-43891, CVE-2024-46861, CVE-2024-42261,
CVE-2024-43875, CVE-2024-43840, CVE-2024-42287, CVE-2024-46752,
CVE-2024-46711, CVE-2024-46713, CVE-2024-44943, CVE-2024-46743,
CVE-2024-43869, CVE-2024-46781, CVE-2024-44946, CVE-2024-42283,
CVE-2024-47661, CVE-2024-43817, CVE-2024-46819, CVE-2024-42267,
CVE-2024-46729, CVE-2024-46857, CVE-2024-42295, CVE-2024-46760,
CVE-2024-42315, CVE-2024-45019, CVE-2024-44948, CVE-2024-44941,
CVE-2024-42269, CVE-2024-44957, CVE-2024-49967)
