Read Time:6 Second
FEDORA-2024-eef12396fc
Packages in this update:
yarnpkg-1.22.22-2.fc40
Update description:
Backport fix for CVE-2024-4067.
Category Archives: Advisories
pgadmin4-7.8-7.fc39
Read Time:8 Second
FEDORA-2024-9820d9491f
Packages in this update:
pgadmin4-7.8-7.fc39
Update description:
Backport security fixes for CVE-2024-4216, CVE-2024-4068, CVE-2024-4067.
USN-6879-1: Virtuoso Open-Source Edition vulnerabilities
Read Time:34 Second
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
(CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626,
CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631,
CVE-2023-48951)
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly
handled certain crafted SQL statements. An attacker could possibly use
this issue to crash the program, resulting in a denial of service.
This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950)
USN-6866-2: Linux kernel (Azure) vulnerabilities
Read Time:1 Minute, 26 Second
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)
Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Hardware random number generator core;
– GPU drivers;
– AFS file system;
– Memory management;
– Netfilter;
(CVE-2024-26642, CVE-2024-26922, CVE-2024-26720, CVE-2024-26736,
CVE-2024-26898, CVE-2021-47063, CVE-2023-52615)
USN-6865-2: Linux kernel (Azure) vulnerabilities
Read Time:1 Minute, 22 Second
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)
Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Hardware random number generator core;
– Memory management;
– Netfilter;
(CVE-2024-26898, CVE-2023-52615, CVE-2024-26642, CVE-2024-26720)
USN-6870-2: Linux kernel (AWS) vulnerabilities
Read Time:24 Second
It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
– Netfilter;
(CVE-2024-26643, CVE-2024-26924)
USN-6873-2: Linux kernel (StarFive) vulnerabilities
Read Time:25 Second
It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
– Netfilter;
(CVE-2024-26643, CVE-2024-26925, CVE-2024-26924, CVE-2024-26809)
USN-6864-2: Linux kernel vulnerabilities
Read Time:23 Second
It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)
A security issue was discovered in the Linux kernel.
An attacker could possibly use it to compromise the system.
This update corrects flaws in the following subsystem:
– Netfilter;
(CVE-2024-26924)
USN-6872-2: Linux kernel vulnerabilities
Read Time:12 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
– Netfilter;
(CVE-2024-26809, CVE-2024-26643, CVE-2024-26925, CVE-2024-26924)
USN-6876-1: Kopano Core vulnerabilities
Read Time:17 Second
It was discovered that Kopano Core allowed out-of-bounds access. An
attacker could use this issue to expose private information. This issue
only affected Ubuntu 18.04 LTS. (CVE-2019-19907)
It was discovered that Kopano Core allowed possible authentication
with expired passwords. An attacker could use this issue to bypass
authentication. (CVE-2022-26562)