A buffer overflow was discovered in the vhost code of DPDK, a set of
libraries for fast packet processing, which could result in denial of
service or the execution of arbitrary code by malicious
guests/containers.
Category Archives: Advisories
USN-7163-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystem:
– Network traffic control;
sympa-6.2.74-1.el10_0
FEDORA-EPEL-2024-5b320e416d
Packages in this update:
sympa-6.2.74-1.el10_0
Update description:
Update to 6.2.74, fix for CVE-2024-55919
Full changelog: https://github.com/sympa-community/sympa/releases/tag/6.2.74
sympa-6.2.74-1.fc40
FEDORA-2024-14c006b8bb
Packages in this update:
sympa-6.2.74-1.fc40
Update description:
Update to 6.2.74, fix for CVE-2024-55919
Full changelog: https://github.com/sympa-community/sympa/releases/tag/6.2.74
sympa-6.2.74-1.el8
FEDORA-EPEL-2024-1183ac8862
Packages in this update:
sympa-6.2.74-1.el8
Update description:
Update to 6.2.74, fix for CVE-2024-55919
Full changelog: https://github.com/sympa-community/sympa/releases/tag/6.2.74
sympa-6.2.74-1.fc41
FEDORA-2024-88ad2bee84
Packages in this update:
sympa-6.2.74-1.fc41
Update description:
Update to 6.2.74, fix for CVE-2024-55919
Full changelog: https://github.com/sympa-community/sympa/releases/tag/6.2.74
sympa-6.2.74-1.el9
FEDORA-EPEL-2024-a5952fc093
Packages in this update:
sympa-6.2.74-1.el9
Update description:
Update to 6.2.74, fix for CVE-2024-55919
Full changelog: https://github.com/sympa-community/sympa/releases/tag/6.2.74
USN-7161-1: Docker vulnerabilities
Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed in
Ubuntu 24.04 LTS. (CVE-2024-29018)
Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. (CVE-2024-41110)
USN-7162-1: curl vulnerability
Harry Sintonen discovered that curl incorrectly handled credentials from
.netrc files when following HTTP redirects. In certain configurations, the
password for the first host could be leaked to the followed-to host,
contrary to expectations.
ZDI-24-1693: Dell Avamar Web Restore Login Action SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-47484.