Category Archives: Advisories

USN-7043-1: cups-filters vulnerabilities

Read Time:33 Second

Simone Margaritelli discovered that the cups-filters cups-browsed component
could be used to create arbitrary printers from outside the local network.
In combination with issues in other printing components, a remote attacker
could possibly use this issue to connect to a system, created manipulated
PPD files, and execute arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)

Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used. (CVE-2024-47076)

Read More

USN-7042-1: cups-browsed vulnerability

Read Time:19 Second

Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, created manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables support
for the legacy CUPS printer discovery protocol.

Read More

chromium-129.0.6668.70-1.fc41

Read Time:17 Second

FEDORA-2024-8008ddbd4e

Packages in this update:

chromium-129.0.6668.70-1.fc41

Update description:

Update to 129.0.6668.70

High CVE-2024-9120: Use after free in Dawn
High CVE-2024-9121: Inappropriate implementation in V8
High CVE-2024-9122: Type Confusion in V8
High CVE-2024-9123: Integer overflow in Skia

Read More

USN-7039-1: Linux kernel vulnerabilities

Read Time:42 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Input Device (Tablet) drivers;
– Modular ISDN driver;
– Multiple devices driver;
– Network drivers;
– Near Field Communication (NFC) drivers;
– SCSI drivers;
– GCT GDM724x LTE driver;
– USB subsystem;
– VFIO drivers;
– GFS2 file system;
– JFS file system;
– NILFS2 file system;
– Networking core;
– IPv4 networking;
– L2TP protocol;
– Netfilter;
– RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022-48863, CVE-2022-48836,
CVE-2022-48838, CVE-2024-26677, CVE-2024-27437, CVE-2022-48857,
CVE-2022-48791, CVE-2021-47181, CVE-2024-26851, CVE-2024-40902,
CVE-2022-48851, CVE-2024-38570)

Read More

aws-24.0.0-3.fc41

Read Time:37 Second

FEDORA-2024-7908ee39a9

Packages in this update:

aws-24.0.0-3.fc41

Update description:

CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.

AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values “1” and “2” had a much higher frequency than any other character.

The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.

This update fixes the problem by using /dev/urandom instead of Discrete_Random.

More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf

Read More

USN-7021-3: Linux kernel vulnerabilities

Read Time:22 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture(IMA) framework;
(CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496,
CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677)

Read More

aws-24.0.0-3.fc42

Read Time:18 Second

FEDORA-2024-b87003097a

Packages in this update:

aws-24.0.0-3.fc42

Update description:

Automatic update for aws-24.0.0-3.fc42.

Changelog

* Thu Sep 26 2024 Björn Persson <Bjorn@Rombobjörn.se> – 2:24.0.0-3
– Fixed to use /dev/urandom instead of a non-cryptographic PRNG.
Resolves: CVE-2024-41708 (RHBZ#2314766)

Read More