FEDORA-2024-c0b1d26de3

Packages in this update:

chromium-130.0.6723.58-1.fc39

Update description:

Update to 130.0.6723.58

* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2015-0250.

Read More

What is the Vulnerability?CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code on a vulnerable system without authentication, which poses a significant risk to organizations using Veeam for backup and data protection. The vulnerability has been added to Known Exploited Vulnerabilities Catalog (KEV) on October 17, 2024, and is known to be used in Ransomware Campaigns.What is the recommended Mitigation?Veeam has released security patches addressing CVE-2024-40711, along with 5 other lower severity vulnerabilities in Veeam Backup & Replication. https://www.veeam.com/kb4649What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch provided by the vendor and follow instructions as mentioned on the vendor’s advisory. FortiGuard IPS protection is currently being investigated to address CVE-2024-40711.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– x86 architecture;
– Cryptographic API;
– CPU frequency scaling framework;
– HW tracing;
– ISDN/mISDN subsystem;
– Media drivers;
– Network drivers;
– NVME drivers;
– S/390 drivers;
– SCSI drivers;
– USB subsystem;
– VFIO drivers;
– Watchdog drivers;
– JFS file system;
– IRQ subsystem;
– Core kernel;
– Memory management;
– Amateur Radio drivers;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– Network traffic control;
– TIPC protocol;
– XFRM subsystem;
– Integrity Measurement Architecture(IMA) framework;
– SoC Audio for Freescale CPUs drivers;
– USB sound devices;
(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,
CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,
CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,
CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,
CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,
CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,
CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,
CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,
CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)

Read More

FEDORA-2024-884a589289

Packages in this update:

thunderbird-128.3.2-1.fc41

Update description:

Update to 128.3.2

https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes/

Update to 128.3.1

https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/

Update to 128.3.0

https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/
https://www.thunderbird.net/en-US/thunderbird/128.3.0esr/releasenotes/

Read More

It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash).

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Greybus drivers;
– Modular ISDN driver;
– Multiple devices driver;
– Network drivers;
– SCSI drivers;
– VFIO drivers;
– F2FS file system;
– GFS2 file system;
– JFS file system;
– NILFS2 file system;
– Kernel debugger infrastructure;
– Bluetooth subsystem;
– IPv4 networking;
– L2TP protocol;
– Netfilter;
– RxRPC session sockets;
(CVE-2024-42154, CVE-2023-52527, CVE-2024-26733, CVE-2024-42160,
CVE-2021-47188, CVE-2024-38570, CVE-2024-26851, CVE-2024-26984,
CVE-2024-26677, CVE-2024-39480, CVE-2024-27398, CVE-2022-48791,
CVE-2024-42224, CVE-2024-38583, CVE-2024-40902, CVE-2023-52809,
CVE-2024-39495, CVE-2024-26651, CVE-2024-26880, CVE-2024-42228,
CVE-2024-27437, CVE-2022-48863)

Read More

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Microsoft Azure Network Adapter (MANA) driver;
– Watchdog drivers;
– Netfilter;
– Network traffic control;
(CVE-2024-27397, CVE-2024-45016, CVE-2024-45001, CVE-2024-38630)

Read More

USN-7059-1 fixed a vulnerability in OATH Toolkit library. This
update provides the corresponding update for Ubuntu 24.10.

Original advisory details:

Fabian Vogt discovered that OATH Toolkit incorrectly handled file
permissions. A remote attacker could possibly use this issue to
overwrite root owned files, leading to a privilege escalation attack.
(CVE-2024-47191)

Read More

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Watchdog drivers;
– Netfilter;
– Memory management;
– Network traffic control;
(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)

Read More

FEDORA-2024-180560c54b

Packages in this update:

dotnet8.0-8.0.110-1.fc39

Update description:

This is the October 2024 security release of .NET 8. The SDK version is 8.0.110 and the Runtime version is 8.0.10.

Release Notes:

SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md

Read More