FEDORA-2024-1ecab28e50

Packages in this update:

mingw-python3-3.11.8-2.fc40

Update description:

Backport fix for CVE-2024-4032.

Read More

FEDORA-2024-fefc75bce4

Packages in this update:

mingw-python3-3.11.8-2.fc39

Update description:

Backport fix for CVE-2024-4032.

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-5689,
CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698,
CVE-2024-5699, CVE-2024-5700, CVE-2024-5701)

Lukas Bernhard discovered that Firefox did not properly manage memory
during garbage collection. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-5688)

Lukas Bernhard discovered that Firefox did not properly manage memory in
the JavaScript engine. An attacker could potentially exploit this issue to
obtain sensitive information. (CVE-2024-5694)

Irvan Kurniawan discovered that Firefox did not properly handle certain
allocations in the probabilistic heap checker. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2024-5695)

Irvan Kurniawan discovered that Firefox did not properly handle certain
text fragments in input tags. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-5696)

Read More

FEDORA-2024-71ef04b872

Packages in this update:

firmitas-0.1.3-1.fc40

Update description:

Cryptography v42 is the new thing.

Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing.

References

https://github.com/fedora-infra/firmitas/security/dependabot/1
https://github.com/fedora-infra/firmitas/security/dependabot/2
https://github.com/fedora-infra/firmitas/security/dependabot/3

Read More

FEDORA-2024-139cdfb1fc

Packages in this update:

firmitas-0.1.3-1.fc39

Update description:

Cryptography v42 is the new thing.

Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing.

References

https://github.com/fedora-infra/firmitas/security/dependabot/1
https://github.com/fedora-infra/firmitas/security/dependabot/2
https://github.com/fedora-infra/firmitas/security/dependabot/3

Read More

FEDORA-EPEL-2024-775b3dac95

Packages in this update:

firmitas-0.1.3-1.el9

Update description:

Cryptography v42 is the new thing.

Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing.

References

https://github.com/fedora-infra/firmitas/security/dependabot/1
https://github.com/fedora-infra/firmitas/security/dependabot/2
https://github.com/fedora-infra/firmitas/security/dependabot/3

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5008.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-4884.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-4885.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-4883.

Read More