Multiple vulnerabilities have been found in the Symfony PHP framework
which could lead to privilege escalation, information disclosure,
incorrect validation or an open redirect.
Category Archives: Advisories
DSA-5808-1 ghostscript – security update
Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.
DSA-5811-1 mpg123 – security update
An out-of-bounds write vulnerability when handling crafted streams was
discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder
for layers 1, 2 and 3, which could result in the execution of arbitrary
code.
DSA-5810-1 chromium – security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
USN-7099-1: OpenJDK 21 vulnerabilities
Andy Boothe discovered that the Networking component of OpenJDK 21 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)
It was discovered that the Hotspot component of OpenJDK 21 did not properly
handle vectorization under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)
It was discovered that the Serialization component of OpenJDK 21 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)
lemonldap-ng-2.20.1-1.el8
FEDORA-EPEL-2024-c35d90e5f2
Packages in this update:
lemonldap-ng-2.20.1-1.el8
Update description:
Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated
lemonldap-ng-2.20.1-1.el9
FEDORA-EPEL-2024-18565c82f2
Packages in this update:
lemonldap-ng-2.20.1-1.el9
Update description:
Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated
lemonldap-ng-2.20.1-1.fc39
FEDORA-2024-d0a6c4ac13
Packages in this update:
lemonldap-ng-2.20.1-1.fc39
Update description:
Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated
lemonldap-ng-2.20.1-1.fc41
FEDORA-2024-7bc1df53fc
Packages in this update:
lemonldap-ng-2.20.1-1.fc41
Update description:
Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated
lemonldap-ng-2.20.1-1.fc40
FEDORA-2024-e457192aa2
Packages in this update:
lemonldap-ng-2.20.1-1.fc40
Update description:
Update to lemonldap-ng 2.20.1:
[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated