Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Microsoft Azure Network Adapter (MANA) driver;
– Watchdog drivers;
– Netfilter;
– Network traffic control;
(CVE-2024-45016, CVE-2024-38630, CVE-2024-45001, CVE-2024-27397)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture(IMA) framework;
(CVE-2024-27012, CVE-2024-38570, CVE-2024-42228, CVE-2024-41009,
CVE-2024-39494, CVE-2024-42160, CVE-2024-39496, CVE-2024-26677)
webkitgtk-2.46.3-1.fc40
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc41
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc39
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
It was discovered that libarchive incorrectly handled certain RAR archive
files. If a user or automated system were tricked into processing a
specially crafted RAR archive, an attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code.
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Jmini, Rotiple, D4m0n’ was reported to the affected vendor on: 2024-10-31, 0 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-44284.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44283.
