Category Archives: Advisories

webkitgtk-2.44.3-2.fc40

FEDORA-2024-6b8845e3f0

Packages in this update:

webkitgtk-2.44.3-2.fc40

Update description:

Fix web process cache suspend/resume when sandbox is enabled.
Fix accelerated images disappearing after scrolling.
Fix video flickering with DMA-BUF sink.
Fix pointer lock on X11.
Fix movement delta on mouse events in GTK3.
Undeprecate console message API and make it available in 2022 API.
Fix several crashes and rendering issues.

xen-4.17.4-3.fc39

FEDORA-2024-ed546e3543

Packages in this update:

xen-4.17.4-3.fc39

Update description:

error handling in x86 IOMMU identity mapping [XSA-460, CVE-2024-31145]
PCI device pass-through with shared resources [XSA-461, CVE-2024-31146]

xen-4.18.2-5.fc40

FEDORA-2024-91ddad6c8b

Packages in this update:

xen-4.18.2-5.fc40

Update description:

error handling in x86 IOMMU identity mapping [XSA-460, CVE-2024-31145]
PCI device pass-through with shared resources [XSA-461, CVE-2024-31146]

USN-6909-3: Bind vulnerabilities

USN-6909-1 fixed vulnerabilities in Bind. This update provides
the corresponding updates for Ubuntu 16.04 LTS.

Original advisory details:

Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very
large number of RRs existing at the same time. A remote attacker could
possibly use this issue to cause Bind to consume resources, leading to a
denial of service. (CVE-2024-1737)

It was discovered that Bind incorrectly handled a large number of SIG(0)
signed requests. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2024-1975)

USN-6963-1: GNOME Shell vulnerability

It was discovered that GNOME Shell incorrectly opened the portal helper
automatically when detecting a captive network portal. A remote attacker
could possibly use this issue to load arbitrary web pages containing
JavaScript, leading to resource consumption or other attacks.
