Category Archives: Advisories

krb5-1.21.3-2.fc40

Read Time:18 Second

FEDORA-2024-29a74ac2b0

Packages in this update:

krb5-1.21.3-2.fc40

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

Read More

krb5-1.21.3-2.fc39

Read Time:18 Second

FEDORA-2024-862f5c4156

Packages in this update:

krb5-1.21.3-2.fc39

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

Read More

USN-7085-2: X.Org X Server vulnerability

Read Time:22 Second

USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.

Read More

USN-7084-2: pip vulnerability

Read Time:15 Second

USN-7084-1 fixed vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.

Original advisory details:

It was discovered that urllib3 didn’t strip HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.

Read More

opendmarc-1.4.2-21.fc42

Read Time:27 Second

FEDORA-2024-dede8e91b1

Packages in this update:

opendmarc-1.4.2-21.fc42

Update description:

Automatic update for opendmarc-1.4.2-21.fc42.

Changelog

* Wed Oct 30 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.4.2-21
– Fix for CVE-2024-25768 – Closes rhbz#2266175 rhbz#2266174
* Tue Oct 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.4.2-15
– Simplify spec
– Remove checks on if systemd is present
– Remove checks on old Fedora releases
– Remove checks on EL7 or older
– Use make macros

Read More