Category Archives: Advisories

APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-2 iOS 17.6 and iPadOS 17.6

iOS 17.6 and iPadOS 17.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214117.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
2nd…

Read More

APPLE-SA-07-29-2024-1 Safari 17.6

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Jul 29

APPLE-SA-07-29-2024-1 Safari 17.6

Safari 17.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214121.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari
Available for: macOS Monterey and macOS Ventura
Impact: Visiting a website that frames malicious content may lead to UI…

Read More

Bunch of IoT CVEs

Read Time:29 Second

Posted by Willem Westerhof | Secura on Jul 29

Hi all,

A list of CVE’s in a bunch of IoT devices that never made it to the general public through other means, but have either
been fixed, or never will be fixed, since they are a couple of years old.

Use CVE-2020-11915.

Use CVE-2020-11916.

Use CVE-2020-11917.

Use CVE-2020-11918.

Use CVE-2020-11919.

Use CVE-2020-11920.

Use CVE-2020-11921.

Use CVE-2020-11922.

Use CVE-2020-11923.

Use CVE-2020-11924.

Use CVE-2020-11925.

Use…

Read More

golang-github-acme-lego-4.17.4-4.fc41

Read Time:1 Minute, 39 Second

FEDORA-2024-f6f91d983c

Packages in this update:

golang-github-acme-lego-4.17.4-4.fc41

Update description:

Automatic update for golang-github-acme-lego-4.17.4-4.fc41.

Changelog

* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-4
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-3
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-2
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Mon Jul 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 4.17.4-1
– Update to 4.17.4 – Closes rhbz#2009869 rhbz#2171504 rhbz#2268886
rhbz#2294003 rhbz#2225838
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-16
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> – 4.4.0-15
– Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-14
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-13
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-11
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 4.4.0-10
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 10 2022 Maxwell G <gotmax@e.email> – 4.4.0-9
– Rebuild to fix FTBFS

Read More

USN-6926-1: Linux kernel vulnerabilities

Read Time:1 Minute, 43 Second

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– MTD block device drivers;
– Network drivers;
– TTY drivers;
– USB subsystem;
– File systems infrastructure;
– F2FS file system;
– SMB network file system;
– BPF subsystem;
– B.A.T.M.A.N. meshing protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– Unix domain sockets;
– AppArmor security module;
(CVE-2023-52435, CVE-2024-27013, CVE-2024-35984, CVE-2023-52620,
CVE-2024-35997, CVE-2023-52436, CVE-2024-26884, CVE-2024-26901,
CVE-2023-52469, CVE-2024-35978, CVE-2024-26886, CVE-2024-35982,
CVE-2024-36902, CVE-2024-26857, CVE-2024-26923, CVE-2023-52443,
CVE-2024-27020, CVE-2024-36016, CVE-2024-26840, CVE-2024-26934,
CVE-2023-52449, CVE-2024-26882, CVE-2023-52444, CVE-2023-52752)

Read More

USN-6924-1: Linux kernel vulnerabilities

Read Time:18 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM SCMI message protocol;
– InfiniBand drivers;
– TTY drivers;
– TLS protocol;
(CVE-2024-26584, CVE-2024-36016, CVE-2024-26585, CVE-2021-47131,
CVE-2024-26907, CVE-2022-48655, CVE-2024-26583)

Read More

USN-6921-1: Linux kernel vulnerabilities

Read Time:36 Second

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– DMA engine subsystem;
– HID subsystem;
– I2C subsystem;
– PHY drivers;
– TTY drivers;
– IPv4 networking;
(CVE-2024-35990, CVE-2024-35997, CVE-2024-35992, CVE-2024-35984,
CVE-2024-36008, CVE-2024-36016)

Read More