FEDORA-2024-35147eb6ad

Packages in this update:

opentofu-1.8.0-1.fc39

Update description:

Update to 1.8.0

Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789

Read More

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– IPv4 networking;
(CVE-2024-26882)

Read More

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM SCMI message protocol;
– InfiniBand drivers;
– TTY drivers;
– TLS protocol;
(CVE-2024-26584, CVE-2024-36016, CVE-2024-26585, CVE-2021-47131,
CVE-2024-26907, CVE-2022-48655, CVE-2024-26583)

Read More

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– DMA engine subsystem;
– HID subsystem;
– I2C subsystem;
– PHY drivers;
– TTY drivers;
– IPv4 networking;
(CVE-2024-35990, CVE-2024-35997, CVE-2024-35992, CVE-2024-35984,
CVE-2024-36008, CVE-2024-36016)

Read More

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– TTY drivers;
– SMB network file system;
– Netfilter;
– Bluetooth subsystem;
(CVE-2024-26886, CVE-2024-26952, CVE-2023-52752, CVE-2024-27017,
CVE-2024-36016)

Read More

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure VSTS CLI. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure Arc Jumpstart. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.

Read More