Read Time:8 Second
FEDORA-2024-c07c365ba7
Packages in this update:
yt-dlp-2024.07.07-1.fc39
Update description:
Update to 2024.07.07
Update to 2024.07.02
Category Archives: Advisories
USN-6885-1: Apache HTTP Server vulnerabilities
Read Time:1 Minute, 12 Second
Marc Stern discovered that the Apache HTTP Server incorrectly handled
serving WebSocket protocol upgrades over HTTP/2 connections. A remote
attacker could possibly use this issue to cause the server to crash,
resulting in a denial of service. (CVE-2024-36387)
Orange Tsai discovered that the Apache HTTP Server mod_proxy module
incorrectly sent certain request URLs with incorrect encodings to backends.
A remote attacker could possibly use this issue to bypass authentication.
(CVE-2024-38473)
Orange Tsai discovered that the Apache HTTP Server mod_rewrite module
incorrectly handled certain substitutions. A remote attacker could possibly
use this issue to execute scripts in directories not directly reachable
by any URL, or cause a denial of service. Some environments may require
using the new UnsafeAllow3F flag to handle unsafe substitutions.
(CVE-2024-38474, CVE-2024-38475, CVE-2024-39573)
Orange Tsai discovered that the Apache HTTP Server incorrectly handled
certain response headers. A remote attacker could possibly use this issue
to obtain sensitive information, execute local scripts, or perform SSRF
attacks. (CVE-2024-38476)
Orange Tsai discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain requests. A remote attacker could possibly use
this issue to cause the server to crash, resulting in a denial of service.
(CVE-2024-38477)
It was discovered that the Apache HTTP Server incorrectly handled certain
handlers configured via AddType. A remote attacker could possibly use this
issue to obtain source code. (CVE-2024-39884)
krb5-1.21.2-6.fc41
Read Time:22 Second
FEDORA-2024-36514cd080
Packages in this update:
krb5-1.21.2-6.fc41
Update description:
Automatic update for krb5-1.21.2-6.fc41.
Changelog
* Mon Jul 8 2024 Julien Rische <jrische@redhat.com> – 1.21.2-6
– CVE-2024-37370 CVE-2024-37371: GSS message token handling
Resolves: rhbz#2294678 rhbz#2294680
– Fix double free in klist’s show_ccache()
Resolves: rhbz#2257301
– Do not include files with “~” termination in krb5-tests
USN-6884-1: Nova vulnerability
Read Time:9 Second
Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image
processing. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.
USN-6883-1: OpenStack Glance vulnerability
Read Time:9 Second
Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image
processing. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.
USN-6882-1: Cinder vulnerability
Read Time:9 Second
Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image
processing. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.
USN-6881-1: Exim vulnerability
Read Time:9 Second
It was discovered that Exim did not enforce STARTTLS sync point on client
side. An attacker could possibly use this issue to perform response
injection during MTA SMTP sending.
qt6-qtbase-6.7.2-3.fc40
Read Time:6 Second
FEDORA-2024-9bf3ff4133
Packages in this update:
qt6-qtbase-6.7.2-3.fc40
Update description:
Fix CVE-2024-39936.
golang-1.21.12-1.fc39
Read Time:6 Second
FEDORA-2024-5b06c85574
Packages in this update:
golang-1.21.12-1.fc39
Update description:
This update fixes CVE-2024-24791
golang-1.22.5-1.fc40
Read Time:6 Second
FEDORA-2024-96a7a68962
Packages in this update:
golang-1.22.5-1.fc40
Update description:
This update fixes CVE-2024-24791