Read Time:7 Second
FEDORA-2024-126c4f06a8
Packages in this update:
python3.6-3.6.15-38.fc41
Update description:
Security fix for CVE-2024-9287 (rhbz#2321659)
Category Archives: Advisories
USN-7092-1: mpg123 vulnerability
Read Time:15 Second
It was discovered that mpg123 incorrectly handled certain mp3 files. If a
user or automated system were tricked into opening a specially crafted mp3
file, a remote attacker could use this issue to cause mpg123 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
python3.6-3.6.15-38.fc42
Read Time:15 Second
FEDORA-2024-0bebaff45f
Packages in this update:
python3.6-3.6.15-38.fc42
Update description:
Automatic update for python3.6-3.6.15-38.fc42.
Changelog
* Mon Nov 4 2024 Lumír Balhar <lbalhar@redhat.com> – 3.6.15-38
– Security fix for CVE-2024-9287 (rhbz#2321659)
mingw-expat-2.6.3-2.fc40
Read Time:7 Second
FEDORA-2024-950b4465ed
Packages in this update:
mingw-expat-2.6.3-2.fc40
Update description:
Backport fix for CVE-2024-50602.
mingw-expat-2.6.3-2.fc39
Read Time:7 Second
FEDORA-2024-7427eaacd8
Packages in this update:
mingw-expat-2.6.3-2.fc39
Update description:
Backport fix for CVE-2024-50602.
mingw-expat-2.6.3-2.fc41
Read Time:7 Second
FEDORA-2024-25166655a5
Packages in this update:
mingw-expat-2.6.3-2.fc41
Update description:
Backport fix for CVE-2024-50602.
ZDI-CAN-25570: Symantec
Read Time:23 Second
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘ Vladislav Berghici of Trend Micro Research’ was reported to the affected vendor on: 2024-11-05, 0 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
ZDI-24-1453: X.Org Server XkbSetCompatMap Heap-based Buffer Overflow Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9632.
ZDI-24-1456: Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The ZDI has assigned a CVSS rating of 8.5.
ZDI-24-1455: Linux Kernel Net Scheduler ATM Queuing Discipline Use-After-Free Local Privilege Escalation Vulnerability
Read Time:14 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.