USN-7062-1 fixed vulnerabilities in libgsf. This update provides the
corresponding updates for Ubuntu 24.10.

Original advisory details:

It was discovered that libgsf incorrectly handled certain Compound
Document Binary files. If a user or automated system were tricked into
opening a specially crafted file, a remote attacker could possibly use
this issue to execute arbitrary code.

Read More

USN-7042-2 released an improved fix for cups-browsed. This update provides
the corresponding update for Ubuntu 24.10.

Original advisory details:

Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, created manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables
support for the legacy CUPS printer discovery protocol.

Read More

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 20

No message preview for long message of 359314 bytes.

Read More

Posted by Jeroen Hermans via Fulldisclosure on Oct 20

CloudAware Security Advisory

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

========================================================================
Summary
========================================================================
Bypass of Paxton Net2 API license. Possible leaking of PII and access to
admin functionality.
No physical access to computer running Paxton Net2 is required….

Read More

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors
did not properly restrict access to the System Management Mode (SMM)
configuration when the SMM Lock was enabled. A privileged local attacker
could possibly use this issue to further escalate their privileges and
execute arbitrary code within the processor’s firmware layer.

Read More

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5794-1

Read More

Cedric Krier discovered that python-sql, a library to write SQL queries
in a pythonic way, performed insufficient sanitising which could result
in SQL injection.

https://security-tracker.debian.org/tracker/DSA-5795-1

Read More

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

https://security-tracker.debian.org/tracker/DSA-5793-1

Read More

FEDORA-EPEL-2024-0282083260

Packages in this update:

prometheus-podman-exporter-1.13.3-1.el9

Update description:

release 1.13.3

Read More

FEDORA-2024-ee9f0f22b6

Packages in this update:

prometheus-podman-exporter-1.13.3-1.fc39

Update description:

release 1.13.3

Read More