This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-6871.
Category Archives: Advisories
chromium-130.0.6723.116-1.el9 dav1d-1.5.0-2.el9 ffmpeg-5.1.4-3.el9 libavif-0.11.1-5.el9 libavif0.10-0.10.1-2.el9 libheif-1.16.1-2.el9 vlc-3.0.21-9.el9 xine-lib-1.2.13-4.el9
FEDORA-EPEL-2024-398707b664
Packages in this update:
chromium-130.0.6723.116-1.el9
dav1d-1.5.0-2.el9
ffmpeg-5.1.4-3.el9
libavif0.10-0.10.1-2.el9
libavif-0.11.1-5.el9
libheif-1.16.1-2.el9
vlc-3.0.21-9.el9
xine-lib-1.2.13-4.el9
Update description:
Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
USN-7100-1: Linux kernel vulnerabilities
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in
the Linux kernel for x86 platforms did not properly handle 32-bit
emulation on TDX and SEV. An attacker with access to the VMM could use
this to cause a denial of service (guest crash) or possibly execute
arbitrary code. (CVE-2024-25744)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– MIPS architecture;
– PowerPC architecture;
– RISC-V architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Block layer subsystem;
– Android drivers;
– Serial ATA and Parallel ATA drivers;
– ATM drivers;
– Drivers core;
– Null block device driver;
– Character device driver;
– ARM SCMI message protocol;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I3C subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Input Device (Miscellaneous) drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– ISDN/mISDN subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– VMware VMCI Driver;
– MMC subsystem;
– Network drivers;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– Device tree and open firmware driver;
– Parport drivers;
– PCI subsystem;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– QCOM SoC drivers;
– Direct Digital Synthesis drivers;
– Thunderbolt and USB4 drivers;
– TTY drivers;
– Userspace I/O drivers;
– DesignWare USB3 driver;
– USB Gadget drivers;
– USB Host Controller drivers;
– USB Type-C Connector System Software Interface driver;
– USB over IP driver;
– VHOST drivers;
– File systems infrastructure;
– BTRFS file system;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– NTFS3 file system;
– Proc file system;
– SMB network file system;
– Core kernel;
– DMA mapping infrastructure;
– RCU subsystem;
– Tracing infrastructure;
– Radix Tree data structure library;
– Kernel userspace event delivery library;
– Objagg library;
– Memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– Ethtool driver;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– KCM (Kernel Connection Multiplexor) sockets driver;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Network traffic control;
– SCTP protocol;
– Sun RPC protocol;
– TIPC protocol;
– TLS protocol;
– Wireless networking;
– AppArmor security module;
– Landlock security;
– Simplified Mandatory Access Control Kernel framework;
– FireWire sound drivers;
– SoC audio core drivers;
– USB sound devices;
(CVE-2024-43817, CVE-2024-42304, CVE-2024-46756, CVE-2024-42318,
CVE-2024-41090, CVE-2024-41063, CVE-2024-44987, CVE-2024-46844,
CVE-2024-46677, CVE-2024-44988, CVE-2024-42297, CVE-2024-26893,
CVE-2024-46673, CVE-2024-26800, CVE-2024-42305, CVE-2024-46731,
CVE-2024-41091, CVE-2024-46810, CVE-2024-41072, CVE-2022-48666,
CVE-2024-38602, CVE-2024-46780, CVE-2024-46750, CVE-2024-43858,
CVE-2024-41020, CVE-2024-46755, CVE-2024-46829, CVE-2024-41068,
CVE-2024-45003, CVE-2024-42280, CVE-2024-42283, CVE-2024-43873,
CVE-2024-46746, CVE-2024-44969, CVE-2024-46807, CVE-2024-41081,
CVE-2024-44971, CVE-2024-26607, CVE-2024-43880, CVE-2024-42281,
CVE-2024-42274, CVE-2024-43908, CVE-2024-42267, CVE-2024-47665,
CVE-2024-45011, CVE-2024-46707, CVE-2024-42310, CVE-2024-42309,
CVE-2024-44965, CVE-2024-46747, CVE-2024-42259, CVE-2024-46804,
CVE-2024-46679, CVE-2024-45007, CVE-2024-45009, CVE-2024-46771,
CVE-2024-46739, CVE-2024-41060, CVE-2024-46676, CVE-2024-46822,
CVE-2024-42272, CVE-2024-41059, CVE-2024-43839, CVE-2024-46817,
CVE-2024-47669, CVE-2024-44999, CVE-2024-42285, CVE-2024-44986,
CVE-2024-43828, CVE-2024-43879, CVE-2024-44998, CVE-2024-46724,
CVE-2024-41015, CVE-2024-45025, CVE-2024-43849, CVE-2024-46818,
CVE-2024-43830, CVE-2024-46725, CVE-2024-43834, CVE-2024-42302,
CVE-2024-36484, CVE-2024-43853, CVE-2024-46782, CVE-2024-46740,
CVE-2024-46732, CVE-2024-43869, CVE-2024-42312, CVE-2024-42292,
CVE-2024-43884, CVE-2024-44934, CVE-2024-44995, CVE-2024-43894,
CVE-2024-46675, CVE-2024-43870, CVE-2024-44990, CVE-2024-42287,
CVE-2024-41065, CVE-2024-42301, CVE-2024-42290, CVE-2024-46702,
CVE-2024-46719, CVE-2024-46745, CVE-2024-46758, CVE-2024-46757,
CVE-2024-44935, CVE-2024-42276, CVE-2024-43890, CVE-2023-52918,
CVE-2024-41077, CVE-2024-43905, CVE-2024-38611, CVE-2024-42269,
CVE-2024-42284, CVE-2024-41073, CVE-2024-46722, CVE-2024-41017,
CVE-2024-47667, CVE-2024-45021, CVE-2024-43867, CVE-2024-41098,
CVE-2024-43909, CVE-2024-46723, CVE-2024-45026, CVE-2024-42114,
CVE-2024-44944, CVE-2024-43835, CVE-2024-44982, CVE-2024-43907,
CVE-2024-46828, CVE-2024-43856, CVE-2024-46832, CVE-2024-44954,
CVE-2024-43846, CVE-2024-41070, CVE-2024-43892, CVE-2024-44985,
CVE-2024-42306, CVE-2024-43889, CVE-2024-44958, CVE-2024-46798,
CVE-2024-44989, CVE-2024-42313, CVE-2024-46737, CVE-2024-42289,
CVE-2024-43829, CVE-2024-46744, CVE-2023-52889, CVE-2024-46689,
CVE-2024-47663, CVE-2024-46791, CVE-2024-43863, CVE-2024-43893,
CVE-2024-43841, CVE-2024-46777, CVE-2024-46800, CVE-2024-45028,
CVE-2024-44952, CVE-2024-43883, CVE-2024-44946, CVE-2024-43882,
CVE-2024-44960, CVE-2024-38577, CVE-2024-46814, CVE-2024-42288,
CVE-2024-44947, CVE-2024-41071, CVE-2024-41042, CVE-2024-41064,
CVE-2024-42311, CVE-2024-42270, CVE-2024-43861, CVE-2024-46752,
CVE-2024-42296, CVE-2024-41022, CVE-2024-42246, CVE-2024-43871,
CVE-2024-42265, CVE-2024-43854, CVE-2024-41019, CVE-2024-46815,
CVE-2024-46743, CVE-2024-42126, CVE-2024-26661, CVE-2024-41012,
CVE-2024-46761, CVE-2024-45008, CVE-2024-46805, CVE-2024-45006,
CVE-2024-42295, CVE-2024-46783, CVE-2024-42286, CVE-2024-46714,
CVE-2024-42299, CVE-2024-46781, CVE-2024-43914, CVE-2024-44966,
CVE-2024-44974, CVE-2024-45018, CVE-2024-46840, CVE-2024-46819,
CVE-2024-40915, CVE-2024-46759, CVE-2024-43860, CVE-2024-47668,
CVE-2024-39472, CVE-2024-47660, CVE-2024-47659, CVE-2024-46795,
CVE-2024-43875, CVE-2024-46738, CVE-2024-42271, CVE-2024-26669,
CVE-2024-44983, CVE-2024-41078, CVE-2024-46685, CVE-2024-46713,
CVE-2024-46721, CVE-2024-46763, CVE-2024-41011, CVE-2024-43902,
CVE-2024-42277, CVE-2024-44948)
chromium-130.0.6723.116-1.fc39
FEDORA-2024-9c44ad3527
Packages in this update:
chromium-130.0.6723.116-1.fc39
Update description:
Update to 130.0.6723.116
chromium-130.0.6723.116-1.fc40
FEDORA-2024-011c4d53e5
Packages in this update:
chromium-130.0.6723.116-1.fc40
Update description:
Update to 130.0.6723.116
chromium-130.0.6723.116-1.el8
FEDORA-EPEL-2024-d396fc832a
Packages in this update:
chromium-130.0.6723.116-1.el8
Update description:
Update to 130.0.6723.116
chromium-130.0.6723.116-1.fc41
FEDORA-2024-1e45ea2e6c
Packages in this update:
chromium-130.0.6723.116-1.fc41
Update description:
Update to 130.0.6723.116
ZDI-24-1471: Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8424.
USN-7098-1: OpenJDK 17 vulnerabilities
Andy Boothe discovered that the Networking component of OpenJDK 17 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)
It was discovered that the Hotspot component of OpenJDK 17 did not properly
handle vectorization under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)
It was discovered that the Serialization component of OpenJDK 17 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)
It was discovered that the Hotspot component of OpenJDK 17 was not properly
bounding certain UTF-8 strings, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue was only addressed in Ubuntu 18.04 LTS.
(CVE-2024-21131)
It was discovered that the Hotspot component of OpenJDK 17 could be made to
run into an infinite loop. If an automated system were tricked into
processing excessively large symbols, an attacker could possibly use this
issue to cause a denial of service. This issue was only addressed in Ubuntu
18.04 LTS. (CVE-2024-21138)
It was discovered that the Hotspot component of OpenJDK 17 did not properly
perform range check elimination. An attacker could possibly use this issue
to cause a denial of service, execute arbitrary code or bypass Java
sandbox restrictions. This issue was only addressed in Ubuntu 18.04 LTS.
(CVE-2024-21140)
Sergey Bylokhov discovered that OpenJDK 17 did not properly manage memory
when handling 2D images. An attacker could possibly use this issue to
obtain sensitive information. This issue was only addressed in Ubuntu
18.04 LTS. (CVE-2024-21145)
It was discovered that the Hotspot component of OpenJDK 17 incorrectly
handled memory when performing range check elimination under certain
circumstances. An attacker could possibly use this issue to cause a
denial of service, execute arbitrary code or bypass Java sandbox
restrictions. This issue was only addressed in Ubuntu 18.04 LTS.
(CVE-2024-21147)
USN-7097-1: OpenJDK 11 vulnerabilities
Andy Boothe discovered that the Networking component of OpenJDK 11 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)
It was discovered that the Hotspot component of OpenJDK 11 did not properly
handle vectorization under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)
It was discovered that the Serialization component of OpenJDK 11 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)
It was discovered that the Hotspot component of OpenJDK 11 was not properly
bounding certain UTF-8 strings, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue was only addressed in Ubuntu 18.04 LTS.
(CVE-2024-21131)
It was discovered that the Hotspot component of OpenJDK 11 could be made to
run into an infinite loop. If an automated system were tricked into
processing excessively large symbols, an attacker could possibly use this
issue to cause a denial of service. This issue was only addressed in Ubuntu
18.04 LTS. (CVE-2024-21138)
It was discovered that the Hotspot component of OpenJDK 11 did not properly
perform range check elimination. An attacker could possibly use this issue
to cause a denial of service, execute arbitrary code or bypass Java
sandbox restrictions. This issue was only addressed in Ubuntu 18.04 LTS.
(CVE-2024-21140)
Yakov Shafranovich discovered that the Concurrency component of OpenJDK 11
incorrectly performed header validation in the Pack200 archive format. An
attacker could possibly use this issue to cause a denial of service. This
issue was only addressed in Ubuntu 18.04 LTS. (CVE-2024-21144)
Sergey Bylokhov discovered that OpenJDK 11 did not properly manage memory
when handling 2D images. An attacker could possibly use this issue to
obtain sensitive information. This issue was only addressed in Ubuntu
18.04 LTS. (CVE-2024-21145)
It was discovered that the Hotspot component of OpenJDK 11 incorrectly
handled memory when performing range check elimination under certain
circumstances. An attacker could possibly use this issue to cause a
denial of service, execute arbitrary code or bypass Java sandbox
restrictions. This issue was only addressed in Ubuntu 18.04 LTS.
(CVE-2024-21147)