Read Time:10 Second
FEDORA-2024-9c84a7c963
Packages in this update:
libtiff-4.6.0-5.fc40.1
Update description:
fix CVE-2024-7006 (rhbz#2302997)
fix CVE-2023-52356 (rhbz#2260112)
fix CVE-2023-6228 (rhbz#2251863)
Category Archives: Advisories
thunderbird-128.3.3-1.fc41
Read Time:27 Second
FEDORA-2024-a078d86829
Packages in this update:
thunderbird-128.3.3-1.fc41
Update description:
Update to 128.3.3
https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
Update to 128.3.2
https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes/
Update to 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/
Update to 128.3.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/
https://www.thunderbird.net/en-US/thunderbird/128.3.0esr/releasenotes/
USN-7082-1: libheif vulnerability
Read Time:16 Second
Gerrard Tai discovered that libheif did not properly validate certain
images, leading to out-of-bounds read and write vulnerability. If a user
or automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service or to
obtain sensitive information.
ZDI-24-1421: VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-38814.
USN-7081-1: Go vulnerabilities
Read Time:47 Second
It was discovered that the Go net/http module did not properly handle
responses to requests with an “Expect: 100-continue” header under certain
circumstances. An attacker could possibly use this issue to cause a denial
of service. (CVE-2024-24791)
It was discovered that the Go parser module did not properly handle deeply
nested literal values. An attacker could possibly use this issue to cause
a panic resulting in a denial of service. (CVE-2024-34155)
It was discovered that the Go encoding/gob module did not properly handle
message decoding under certain circumstances. An attacker could possibly
use this issue to cause a panic resulting in a denial of service.
(CVE-2024-34156)
It was discovered that the Go build module did not properly handle certain
build tag lines with deeply nested expressions. An attacker could possibly
use this issue to cause a panic resulting in a denial of service.
(CVE-2024-34158)
suricata-7.0.7-1.el9
Read Time:17 Second
FEDORA-EPEL-2024-1f36d78e1b
Packages in this update:
suricata-7.0.7-1.el9
Update description:
Various security, performance, accuracy, and stability issues have been fixed. Note, this update is a major upgrade. Please look at the following before upgrading: https://docs.suricata.io/en/suricata-7.0.6/upgrade.html#upgrading-6-0-to-7-0
suricata-7.0.7-1.el8
Read Time:17 Second
FEDORA-EPEL-2024-a534fa2702
Packages in this update:
suricata-7.0.7-1.el8
Update description:
Various security, performance, accuracy, and stability issues have been fixed. Note, this update is a major upgrade. Please look at the following before upgrading: https://docs.suricata.io/en/suricata-7.0.6/upgrade.html#upgrading-6-0-to-7-0
micropython-1.23.0-1.fc39
Read Time:6 Second
FEDORA-2024-9c81ad492a
Packages in this update:
micropython-1.23.0-1.fc39
Update description:
Update to 1.23.0
micropython-1.23.0-1.fc40
Read Time:6 Second
FEDORA-2024-f9ca680ecd
Packages in this update:
micropython-1.23.0-1.fc40
Update description:
Update to 1.23.0
micropython-1.23.0-1.fc41
Read Time:6 Second
FEDORA-2024-cd5c1dfa94
Packages in this update:
micropython-1.23.0-1.fc41
Update description:
Update to 1.23.0