Category Archives: Advisories

strongswan-5.9.14-5.el10_0

Read Time:2 Minute, 17 Second

FEDORA-EPEL-2024-196be160cb

Packages in this update:

strongswan-5.9.14-5.el10_0

Update description:

Automatic update for strongswan-5.9.14-5.el10_0.

Changelog

* Sat Jul 27 2024 Michel Lind <salimma@fedoraproject.org> – 5.9.14-5
– Depend on openssl-devel-engine since we still use this deprecated feature (rhbz#2295335)
* Fri Jul 26 2024 Miroslav Suchý <msuchy@redhat.com> – 5.9.14-4
– convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 5.9.14-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint <python-maint@redhat.com> – 5.9.14-2
– Rebuilt for Python 3.13
* Fri May 31 2024 Paul Wouters <paul.wouters@aiven.io> – 5.9.14-1
– Resolves: rhbz#2254560 CVE-2023-41913 buffer overflow and possible RCE
– Resolved: rhbz#2250666 Update to 5.9.14 (IKEv2 OCSP extensions, seqno/regno overflow handling
– Update to 5.9.13 (OCSP nonce set regression configuration option charon.ocsp_nonce_len)
– Update to 5.9.12 (CVE-2023-41913 fix, various IKEv2 fixes)
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> – 5.9.11-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> – 5.9.11-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Paul Wouters <paul.wouters@aiven.io – 5.9.11-1
– Resolves: rhbz#2214186 strongswan-5.9.11 is available
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> – 5.9.10-2
– Rebuilt for Python 3.12
* Thu Mar 2 2023 Paul Wouters <paul.wouters@aiven.io – 5.9.10-1
– Update to 5.9.10
* Tue Feb 28 2023 Paul Wouters <paul.wouters@aiven.io – 5.9.9-3
– Resolves: CVE-2023-26463 authorization bypass in TLS-based EAP methods
* Mon Jan 16 2023 Petr Menšík <pemensik@redhat.com> – 5.9.9-2
– Use configure paths in manual pages (#2106120)
* Sun Jan 15 2023 Petr Menšík <pemensik@redhat.com> – 5.9.9-1
– Update to 5.9.9 (#2157850)
* Thu Dec 8 2022 Jitka Plesnikova <jplesnik@redhat.com> – 5.9.8-2
– Add BR perl-generators to automatically generates run-time dependencies
for installed Perl files
* Sun Oct 16 2022 Arne Reiter <redhat@arnereiter.de> – 5.9.8-1
– Resolves rhbz#2112274 strongswan-5.9.8 is available
– Patch1 removes CFLAGS -Wno-format which interferes with -Werror=format-security
– Add BuildRequire for autoconf and automake, now required for release
– Remove obsolete patches

Read More

rclone-1.67.0-1.fc41

Read Time:39 Second

FEDORA-2024-3ef0d3c37d

Packages in this update:

rclone-1.67.0-1.fc41

Update description:

Automatic update for rclone-1.67.0-1.fc41.

Changelog

* Fri Aug 9 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.67.0-1
– Update to 1.67.0 – Closes rhbz#2251762 rhbz#2292717 rhbz#2301235
rhbz#2255106
* Fri Jul 19 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.64.2-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> – 1.64.2-4
– Rebuild for golang 1.22.0
* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.64.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

Read More

USN-6926-3: Linux kernel (Azure) vulnerabilities

Read Time:1 Minute, 43 Second

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– MTD block device drivers;
– Network drivers;
– TTY drivers;
– USB subsystem;
– File systems infrastructure;
– F2FS file system;
– SMB network file system;
– BPF subsystem;
– B.A.T.M.A.N. meshing protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– Unix domain sockets;
– AppArmor security module;
(CVE-2023-52435, CVE-2024-27013, CVE-2024-35984, CVE-2023-52620,
CVE-2024-35997, CVE-2023-52436, CVE-2024-26884, CVE-2024-26901,
CVE-2023-52469, CVE-2024-35978, CVE-2024-26886, CVE-2024-35982,
CVE-2024-36902, CVE-2024-26857, CVE-2024-26923, CVE-2023-52443,
CVE-2024-27020, CVE-2024-36016, CVE-2024-26840, CVE-2024-26934,
CVE-2023-52449, CVE-2024-26882, CVE-2023-52444, CVE-2023-52752)

Read More

yyjson-0.10.0-2.el10_0

Read Time:52 Second

FEDORA-EPEL-2024-19e0ba9d5a

Packages in this update:

yyjson-0.10.0-2.el10_0

Update description:

Automatic update for yyjson-0.10.0-2.el10_0.

Changelog

* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.10.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jul 15 2024 Packit <hello@packit.dev> – 0.10.0-1
– Update to 0.10.0 upstream release
– Resolves: rhbz#2297812
* Tue Apr 9 2024 topazus <topazus@outlook.com> – 0.9.0-1
– Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791
* Tue Jan 30 2024 topazus <topazus@outlook.com> – 0.8.0-3
– Fix error of -Wno-implicit-int and -Wno-implicit-function-declaration
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.8.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 12 2023 topazus <topazus@outlook.com> – 0.8.0-1
– initial import; rhbz#2254133

Read More

USN-6953-1: Linux kernel (Oracle) vulnerabilities

Read Time:2 Minute, 16 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– M68K architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Accessibility subsystem;
– Character device driver;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– FireWire subsystem;
– ARM SCMI message protocol;
– GPU drivers;
– HW tracing;
– InfiniBand drivers;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– Pin controllers subsystem;
– S/390 drivers;
– SCSI drivers;
– SoundWire subsystem;
– Greybus lights staging drivers;
– TTY drivers;
– Framebuffer layer;
– Virtio drivers;
– 9P distributed file system;
– eCrypt file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– JFFS2 file system;
– Network file system client;
– NILFS2 file system;
– SMB network file system;
– Mellanox drivers;
– Kernel debugger infrastructure;
– IRQ subsystem;
– Tracing infrastructure;
– Dynamic debug library;
– 9P file system network protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– TIPC protocol;
– TLS protocol;
– Unix domain sockets;
– Wireless networking;
– eXpress Data Path;
– XFRM subsystem;
– ALSA framework;
(CVE-2024-26584, CVE-2023-52434, CVE-2024-36933, CVE-2024-36286,
CVE-2024-36886, CVE-2024-38579, CVE-2022-48772, CVE-2024-39493,
CVE-2024-38637, CVE-2024-36016, CVE-2023-52752, CVE-2024-38558,
CVE-2024-39488, CVE-2024-38559, CVE-2024-36919, CVE-2024-36905,
CVE-2024-39489, CVE-2024-39475, CVE-2021-47131, CVE-2024-26585,
CVE-2024-38578, CVE-2024-38567, CVE-2024-38596, CVE-2024-38598,
CVE-2024-36940, CVE-2024-38552, CVE-2024-37356, CVE-2024-38780,
CVE-2024-38589, CVE-2024-36959, CVE-2024-27399, CVE-2024-36017,
CVE-2024-38661, CVE-2024-36939, CVE-2024-36904, CVE-2024-36902,
CVE-2024-38381, CVE-2024-36883, CVE-2024-37353, CVE-2024-38560,
CVE-2024-39292, CVE-2024-36934, CVE-2024-38621, CVE-2024-38599,
CVE-2024-36941, CVE-2022-48655, CVE-2024-26886, CVE-2024-36014,
CVE-2024-38613, CVE-2024-27398, CVE-2024-27019, CVE-2024-36954,
CVE-2024-39471, CVE-2024-26583, CVE-2024-35947, CVE-2024-31076,
CVE-2024-38659, CVE-2024-38549, CVE-2024-38618, CVE-2024-38565,
CVE-2024-27401, CVE-2022-48674, CVE-2024-38582, CVE-2024-38634,
CVE-2024-38627, CVE-2024-39480, CVE-2024-36015, CVE-2023-52585,
CVE-2024-36270, CVE-2024-26907, CVE-2024-38615, CVE-2024-38600,
CVE-2024-38612, CVE-2024-36946, CVE-2024-39301, CVE-2024-38601,
CVE-2024-38635, CVE-2024-33621, CVE-2024-36964, CVE-2024-38633,
CVE-2024-39467, CVE-2024-38607, CVE-2024-36971, CVE-2024-35976,
CVE-2024-38587, CVE-2023-52882, CVE-2024-36950, CVE-2024-39276,
CVE-2024-36960, CVE-2024-38583)

Read More

USN-6952-1: Linux kernel vulnerabilities

Read Time:5 Minute, 15 Second

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– M68K architecture;
– OpenRISC architecture;
– PowerPC architecture;
– RISC-V architecture;
– x86 architecture;
– Block layer subsystem;
– Accessibility subsystem;
– Bluetooth drivers;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– DMA engine subsystem;
– DPLL subsystem;
– FireWire subsystem;
– EFI core;
– Qualcomm firmware drivers;
– GPIO subsystem;
– GPU drivers;
– HID subsystem;
– Microsoft Hyper-V drivers;
– I2C subsystem;
– InfiniBand drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– EEPROM drivers;
– MMC subsystem;
– Network drivers;
– STMicroelectronics network drivers;
– Device tree and open firmware driver;
– HiSilicon SoC PMU drivers;
– PHY drivers;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– SPI subsystem;
– Media staging drivers;
– Thermal drivers;
– TTY drivers;
– Userspace I/O drivers;
– USB subsystem;
– DesignWare USB3 driver;
– ACRN Hypervisor Service Module driver;
– Virtio drivers;
– 9P distributed file system;
– BTRFS file system;
– eCrypt file system;
– EROFS file system;
– File systems infrastructure;
– GFS2 file system;
– JFFS2 file system;
– Network file systems library;
– Network file system client;
– Network file system server daemon;
– NILFS2 file system;
– Proc file system;
– SMB network file system;
– Tracing file system;
– Mellanox drivers;
– Memory management;
– Socket messages infrastructure;
– Slab allocator;
– Tracing infrastructure;
– User-space API (UAPI);
– Core kernel;
– BPF subsystem;
– DMA mapping infrastructure;
– RCU subsystem;
– Dynamic debug library;
– KUnit library;
– Maple Tree data structure library;
– Heterogeneous memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– SMC sockets;
– TIPC protocol;
– Unix domain sockets;
– Wireless networking;
– Key management;
– ALSA framework;
– HD-audio driver;
– Kirkwood ASoC drivers;
– MediaTek ASoC drivers;
(CVE-2024-38601, CVE-2024-36935, CVE-2024-35991, CVE-2024-36032,
CVE-2024-35988, CVE-2024-36886, CVE-2024-36913, CVE-2024-36928,
CVE-2024-38553, CVE-2024-36927, CVE-2024-38615, CVE-2024-36958,
CVE-2024-36977, CVE-2024-36889, CVE-2024-38554, CVE-2024-38590,
CVE-2024-42134, CVE-2024-35857, CVE-2024-35850, CVE-2024-35986,
CVE-2024-36921, CVE-2024-38569, CVE-2024-36966, CVE-2024-38542,
CVE-2024-38585, CVE-2024-36884, CVE-2024-36006, CVE-2024-38577,
CVE-2024-36016, CVE-2024-38584, CVE-2024-36887, CVE-2024-38598,
CVE-2024-35994, CVE-2024-38603, CVE-2024-35998, CVE-2024-27401,
CVE-2024-35852, CVE-2024-36944, CVE-2024-38572, CVE-2024-36917,
CVE-2024-36943, CVE-2024-36009, CVE-2024-38587, CVE-2024-35949,
CVE-2024-36945, CVE-2024-36004, CVE-2024-36919, CVE-2024-27398,
CVE-2024-38582, CVE-2024-35847, CVE-2024-38580, CVE-2024-38602,
CVE-2024-36916, CVE-2024-36903, CVE-2024-38555, CVE-2024-36952,
CVE-2024-38589, CVE-2024-27394, CVE-2024-36933, CVE-2024-36975,
CVE-2024-38591, CVE-2024-38612, CVE-2024-36939, CVE-2024-35983,
CVE-2024-38607, CVE-2024-36929, CVE-2024-35849, CVE-2024-36941,
CVE-2024-35858, CVE-2024-38599, CVE-2024-35996, CVE-2024-36031,
CVE-2024-36931, CVE-2024-35990, CVE-2024-35851, CVE-2024-38556,
CVE-2024-36000, CVE-2024-36910, CVE-2024-38573, CVE-2024-36906,
CVE-2024-36951, CVE-2024-38604, CVE-2024-38613, CVE-2024-38547,
CVE-2024-36014, CVE-2024-36949, CVE-2024-36033, CVE-2024-38597,
CVE-2024-36880, CVE-2024-38594, CVE-2024-36894, CVE-2024-38546,
CVE-2024-36947, CVE-2024-38541, CVE-2024-35989, CVE-2024-27399,
CVE-2024-38550, CVE-2024-36922, CVE-2024-36008, CVE-2024-38540,
CVE-2024-36924, CVE-2024-36892, CVE-2024-38549, CVE-2024-36882,
CVE-2024-36908, CVE-2024-38566, CVE-2024-36005, CVE-2024-38583,
CVE-2024-36968, CVE-2024-36017, CVE-2024-38565, CVE-2024-36881,
CVE-2024-38611, CVE-2024-36897, CVE-2024-38560, CVE-2024-36923,
CVE-2024-38575, CVE-2024-36899, CVE-2024-38570, CVE-2024-36898,
CVE-2024-36896, CVE-2024-38559, CVE-2024-38588, CVE-2024-38606,
CVE-2024-38551, CVE-2024-36891, CVE-2024-38567, CVE-2024-36895,
CVE-2024-35993, CVE-2024-38552, CVE-2024-36925, CVE-2024-36964,
CVE-2024-36888, CVE-2024-36956, CVE-2024-36946, CVE-2024-38600,
CVE-2024-35997, CVE-2024-36912, CVE-2024-35984, CVE-2024-35848,
CVE-2024-38545, CVE-2024-38563, CVE-2024-36918, CVE-2024-36001,
CVE-2024-36957, CVE-2024-38576, CVE-2024-36030, CVE-2024-38574,
CVE-2024-36963, CVE-2024-36890, CVE-2024-36960, CVE-2024-36901,
CVE-2024-38614, CVE-2024-35859, CVE-2024-38593, CVE-2024-36904,
CVE-2024-36012, CVE-2024-38578, CVE-2024-36011, CVE-2024-36930,
CVE-2024-36938, CVE-2024-36893, CVE-2024-35987, CVE-2024-36905,
CVE-2024-35853, CVE-2024-36003, CVE-2024-38562, CVE-2024-38617,
CVE-2024-35855, CVE-2024-36965, CVE-2024-38596, CVE-2024-38558,
CVE-2024-38568, CVE-2024-36955, CVE-2024-36029, CVE-2024-36967,
CVE-2024-36940, CVE-2024-38595, CVE-2024-36028, CVE-2024-38610,
CVE-2024-36911, CVE-2024-35999, CVE-2024-35854, CVE-2024-38571,
CVE-2024-38548, CVE-2024-36948, CVE-2024-36002, CVE-2024-36961,
CVE-2024-36900, CVE-2024-36932, CVE-2024-36902, CVE-2024-35992,
CVE-2024-36914, CVE-2024-38592, CVE-2024-38616, CVE-2024-27400,
CVE-2024-36937, CVE-2024-36920, CVE-2024-38586, CVE-2024-36909,
CVE-2024-35846, CVE-2024-39482, CVE-2024-38579, CVE-2024-38539,
CVE-2024-27395, CVE-2024-36962, CVE-2024-36013, CVE-2024-27396,
CVE-2024-38557, CVE-2024-36953, CVE-2024-41011, CVE-2023-52882,
CVE-2024-36969, CVE-2024-36007, CVE-2024-35856, CVE-2024-38605,
CVE-2024-36915, CVE-2024-36979, CVE-2024-36954, CVE-2024-38538,
CVE-2024-36950, CVE-2024-36926, CVE-2024-38544, CVE-2024-36959,
CVE-2024-38561, CVE-2024-36883, CVE-2024-36936, CVE-2024-38564,
CVE-2024-38543, CVE-2024-36934, CVE-2024-35947, CVE-2024-38620)

Read More