Category Archives: Advisories

APPLE-SA-07-29-2024-6 macOS Monterey 12.7.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-6 macOS Monterey 12.7.6

macOS Monterey 12.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214118.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

APFS
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences…

Read More

APPLE-SA-07-29-2024-5 macOS Ventura 13.6.8

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-5 macOS Ventura 13.6.8

macOS Ventura 13.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214120.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

APFS
Available for: macOS Ventura
Impact: A malicious application may be able to bypass Privacy
preferences…

Read More

APPLE-SA-07-29-2024-4 macOS Sonoma 14.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-4 macOS Sonoma 14.6

macOS Sonoma 14.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214119.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Sonoma
Impact: A malicious application may be able to access private
information…

Read More

APPLE-SA-07-29-2024-3 iOS 16.7.9 and iPadOS 16.7.9

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-3 iOS 16.7.9 and iPadOS 16.7.9

iOS 16.7.9 and iPadOS 16.7.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214116.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreGraphics
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro…

Read More

APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6

iOS 17.6 and iPadOS 17.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214117.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
2nd…

Read More

APPLE-SA-07-29-2024-1 Safari 17.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-1 Safari 17.6

Safari 17.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214121.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari
Available for: macOS Monterey and macOS Ventura
Impact: Visiting a website that frames malicious content may lead to UI…

Read More

Bunch of IoT CVEs

Read Time:29 Second

Posted by Willem Westerhof | Secura on Jul 29

Hi all,

A list of CVE’s in a bunch of IoT devices that never made it to the general public through other means, but have either
been fixed, or never will be fixed, since they are a couple of years old.

Use CVE-2020-11915.

Use CVE-2020-11916.

Use CVE-2020-11917.

Use CVE-2020-11918.

Use CVE-2020-11919.

Use CVE-2020-11920.

Use CVE-2020-11921.

Use CVE-2020-11922.

Use CVE-2020-11923.

Use CVE-2020-11924.

Use CVE-2020-11925.

Use…

Read More

golang-github-acme-lego-4.17.4-4.fc41

Read Time:1 Minute, 39 Second

FEDORA-2024-f6f91d983c

Packages in this update:

golang-github-acme-lego-4.17.4-4.fc41

Update description:

Automatic update for golang-github-acme-lego-4.17.4-4.fc41.

Changelog

* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-4
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-3
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-2
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-1
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-16
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> – 4.4.0-15
– Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-14
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-13
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-11
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-10
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 10 2022 Maxwell G <gotmax@e.email> – 4.4.0-9
– Rebuild to fix FTBFS

Read More

USN-6926-1: Linux kernel vulnerabilities

Read Time:1 Minute, 43 Second

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– MTD block device drivers;
– Network drivers;
– TTY drivers;
– USB subsystem;
– File systems infrastructure;
– F2FS file system;
– SMB network file system;
– BPF subsystem;
– B.A.T.M.A.N. meshing protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– Unix domain sockets;
– AppArmor security module;
(CVE-2023-52435, CVE-2024-27013, CVE-2024-35984, CVE-2023-52620,
CVE-2024-35997, CVE-2023-52436, CVE-2024-26884, CVE-2024-26901,
CVE-2023-52469, CVE-2024-35978, CVE-2024-26886, CVE-2024-35982,
CVE-2024-36902, CVE-2024-26857, CVE-2024-26923, CVE-2023-52443,
CVE-2024-27020, CVE-2024-36016, CVE-2024-26840, CVE-2024-26934,
CVE-2023-52449, CVE-2024-26882, CVE-2023-52444, CVE-2023-52752)

Read More