Read Time:6 Second
FEDORA-2024-39f1a828ed
Packages in this update:
httpd-2.4.61-1.fc40
Update description:
version update
security update
Category Archives: Advisories
httpd-2.4.61-1.fc39
Read Time:6 Second
FEDORA-2024-e7e73befad
Packages in this update:
httpd-2.4.61-1.fc39
Update description:
version update
security update
USN-6866-1: Linux kernel vulnerabilities
Read Time:1 Minute, 26 Second
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)
Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Hardware random number generator core;
– GPU drivers;
– AFS file system;
– Memory management;
– Netfilter;
(CVE-2024-26642, CVE-2024-26922, CVE-2024-26720, CVE-2024-26736,
CVE-2024-26898, CVE-2021-47063, CVE-2023-52615)
USN-6305-3: PHP regression
Read Time:26 Second
USN-6305-2 fixed a vulnerability in PHP. The update caused a regression
in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fix it.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)
It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
USN-6865-1: Linux kernel vulnerabilities
Read Time:1 Minute, 22 Second
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)
Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Hardware random number generator core;
– Memory management;
– Netfilter;
(CVE-2024-26898, CVE-2023-52615, CVE-2024-26642, CVE-2024-26720)
cockpit-320-1.fc39
Read Time:18 Second
FEDORA-2024-9eb3674b7c
Packages in this update:
cockpit-320-1.fc39
Update description:
Automatic update for cockpit-320-1.fc39.
Changelog for cockpit
* Wed Jul 03 2024 Packit <hello@packit.dev> – 320-1
– pam-ssh-add: Fix insecure killing of session ssh-agent [CVE-2024-6126]
– sosreport: Read report directory from sos config (fix page on Debian/Ubuntu)
mingw-python3-3.11.8-2.fc40
Read Time:7 Second
FEDORA-2024-1ecab28e50
Packages in this update:
mingw-python3-3.11.8-2.fc40
Update description:
Backport fix for CVE-2024-4032.
mingw-python3-3.11.8-2.fc39
Read Time:7 Second
FEDORA-2024-fefc75bce4
Packages in this update:
mingw-python3-3.11.8-2.fc39
Update description:
Backport fix for CVE-2024-4032.
USN-6862-1: Firefox vulnerabilities
Read Time:57 Second
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-5689,
CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698,
CVE-2024-5699, CVE-2024-5700, CVE-2024-5701)
Lukas Bernhard discovered that Firefox did not properly manage memory
during garbage collection. An attacker could potentially exploit this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-5688)
Lukas Bernhard discovered that Firefox did not properly manage memory in
the JavaScript engine. An attacker could potentially exploit this issue to
obtain sensitive information. (CVE-2024-5694)
Irvan Kurniawan discovered that Firefox did not properly handle certain
allocations in the probabilistic heap checker. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2024-5695)
Irvan Kurniawan discovered that Firefox did not properly handle certain
text fragments in input tags. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2024-5696)
firmitas-0.1.3-1.fc40
Read Time:20 Second
FEDORA-2024-71ef04b872
Packages in this update:
firmitas-0.1.3-1.fc40
Update description:
Cryptography v42 is the new thing.
Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing.
References
https://github.com/fedora-infra/firmitas/security/dependabot/1
https://github.com/fedora-infra/firmitas/security/dependabot/2
https://github.com/fedora-infra/firmitas/security/dependabot/3