Read Time:6 Second
FEDORA-2024-903b88b49e
Packages in this update:
qt6-qtbase-6.6.2-2.fc39
Update description:
Fix for CVE-2024-39936.
Category Archives: Advisories
USN-6889-1: .NET vulnerabilities
Read Time:26 Second
It was discovered that .NET did not properly handle object
deserialization. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-30105)
Radek Zikmund discovered that .NET did not properly manage memory. An
attacker could use this issue to cause a denial of service or possibly
execute arbitrary code. (CVE-2024-35264)
It was discovered that .NET did not properly parse X.509 Content and
ObjectIdentifiers. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-38095)
USN-6890-1: Firefox vulnerabilities
Read Time:54 Second
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-6601,
CVE-2024-6604, CVE-2024-6607, CVE-2024-6608, CVE-2024-6610, CVE-2024-6611,
CVE-2024-6612, CVE-2024-6613, CVE-2024-6614, CVE-2024-6615)
It was discovered that Firefox did not properly manage certain memory
operations in the NSS. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-6602,
CVE-2024-6609)
Irvan Kurniawan discovered that Firefox did not properly manage memory
during thread creation. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-6603)
It was discovered that Firefox incorrectly handled array accesses in the
clipboard component, leading to an out-of-bounds read vulnerability. An
attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2024-6606)
GLSA 202407-24: HarfBuzz: Denial of Service
GLSA 202407-25: Buildah: Multiple Vulnerabilities
DSA-5728-1 exim4 – security update
Read Time:13 Second
Phillip Szelat discovered that Exim, a mail transport agent, does not
properly parse a multiline RFC 2231 header filename, allowing a remote
attacker to bypass a $mime_filename based extension-blocking protection
mechanism.
DSA-5727-1 firefox-esr – security update
Read Time:10 Second
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or privilege escalation.
krb5-1.21.3-1.fc39
Read Time:45 Second
FEDORA-2024-df2c70dba9
Packages in this update:
krb5-1.21.3-1.fc39
Update description:
This update fixes multiple CVEs and rebases to the latest upstream version:
* Tue Jul 09 2024 Julien Rische <jrische@redhat.com> – 1.21.3-1
– New upstream version (1.21.3)
– CVE-2024-26458: Memory leak in src/lib/rpc/pmap_rmt.c
Resolves: rhbz#2266732
– CVE-2024-26461: Memory leak in src/lib/gssapi/krb5/k5sealv3.c
Resolves: rhbz#2266741
– CVE-2024-26462: Memory leak in src/kdc/ndr.c
Resolves: rhbz#2266743
– Add missing SPDX license identifiers
Resolves: rhbz#2265333
* Mon Jul 08 2024 Julien Rische <jrische@redhat.com> – 1.21.2-6
– CVE-2024-37370 CVE-2024-37371: GSS message token handling
Resolves: rhbz#2294678 rhbz#2294680
– Fix double free in klist’s show_ccache()
Resolves: rhbz#2257301
– Do not include files with “~” termination in krb5-tests
firefox-128.0-1.fc39
Read Time:6 Second
FEDORA-2024-fc815ee65f
Packages in this update:
firefox-128.0-1.fc39
Update description:
Updated to latest upstream (128.0)
firefox-128.0-1.fc40
Read Time:6 Second
FEDORA-2024-f9e8f7d3a7
Packages in this update:
firefox-128.0-1.fc40
Update description:
Updated to latest upstream (128.0)