FEDORA-2024-91ddad6c8b
Packages in this update:
xen-4.18.2-5.fc40
Update description:
error handling in x86 IOMMU identity mapping [XSA-460, CVE-2024-31145]
PCI device pass-through with shared resources [XSA-461, CVE-2024-31146]
zabbix-6.0.33-1.el9
Multiple security fixes.
USN-6909-1 fixed vulnerabilities in Bind. This update provides
the corresponding updates for Ubuntu 16.04 LTS.
Original advisory details:
Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very
large number of RRs existing at the same time. A remote attacker could
possibly use this issue to cause Bind to consume resources, leading to a
denial of service. (CVE-2024-1737)
It was discovered that Bind incorrectly handled a large number of SIG(0)
signed requests. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2024-1975)
Noriko Totsuka discovered that ORC incorrectly handled certain
crafted files. An attacker could possibly use this issue to execute
arbitrary code.
zabbix-6.0.33-1.fc40
Fix for multiple CVEs
zabbix-6.0.33-1.fc39
Fix for multiple CVEs
It was discovered that GNOME Shell incorrectly opened the portal helper
automatically when detecting a captive network portal. A remote attacker
could possibly use this issue to load arbitrary web pages containing
JavaScript, leading to resource consumption or other attacks.
It was discovered that LibreOffice incorrectly allowed users to enable
macros when a cryptographic signature failed to validate. If a user were
tricked into opening a specially crafted document, a remote attacker could
possibly execute arbitrary macros.
python3.9-3.9.19-5.fc39
Security fix for CVE-2024-4032 and CVE-2024-6923
python3.9-3.9.19-5.fc40
Security fix for CVE-2024-4032 and CVE-2024-6923