Category Archives: Advisories

USN-6889-1: .NET vulnerabilities

Read Time:26 Second

It was discovered that .NET did not properly handle object
deserialization. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-30105)

Radek Zikmund discovered that .NET did not properly manage memory. An
attacker could use this issue to cause a denial of service or possibly
execute arbitrary code. (CVE-2024-35264)

It was discovered that .NET did not properly parse X.509 Content and
ObjectIdentifiers. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-38095)

Read More

USN-6890-1: Firefox vulnerabilities

Read Time:54 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-6601,
CVE-2024-6604, CVE-2024-6607, CVE-2024-6608, CVE-2024-6610, CVE-2024-6611,
CVE-2024-6612, CVE-2024-6613, CVE-2024-6614, CVE-2024-6615)

It was discovered that Firefox did not properly manage certain memory
operations in the NSS. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-6602,
CVE-2024-6609)

Irvan Kurniawan discovered that Firefox did not properly manage memory
during thread creation. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-6603)

It was discovered that Firefox incorrectly handled array accesses in the
clipboard component, leading to an out-of-bounds read vulnerability. An
attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2024-6606)

Read More

krb5-1.21.3-1.fc39

Read Time:45 Second

FEDORA-2024-df2c70dba9

Packages in this update:

krb5-1.21.3-1.fc39

Update description:

This update fixes multiple CVEs and rebases to the latest upstream version:

* Tue Jul 09 2024 Julien Rische <jrische@redhat.com> – 1.21.3-1
– New upstream version (1.21.3)
– CVE-2024-26458: Memory leak in src/lib/rpc/pmap_rmt.c
Resolves: rhbz#2266732
– CVE-2024-26461: Memory leak in src/lib/gssapi/krb5/k5sealv3.c
Resolves: rhbz#2266741
– CVE-2024-26462: Memory leak in src/kdc/ndr.c
Resolves: rhbz#2266743
– Add missing SPDX license identifiers
Resolves: rhbz#2265333

* Mon Jul 08 2024 Julien Rische <jrische@redhat.com> – 1.21.2-6
– CVE-2024-37370 CVE-2024-37371: GSS message token handling
Resolves: rhbz#2294678 rhbz#2294680
– Fix double free in klist’s show_ccache()
Resolves: rhbz#2257301
– Do not include files with “~” termination in krb5-tests

Read More