Category Archives: Advisories

iwd-3.3-1.fc40 libell-0.71-1.fc40

Read Time:26 Second

FEDORA-2024-0fa283c43a

Packages in this update:

iwd-3.3-1.fc40
libell-0.71-1.fc40

Update description:

iwd 3.3:

Fix issue with handling External Authentication.

iwd 3.2:

Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.

ell 0.71:

Fix issue with GCC 15 and -std=c23 build errors.

ell 0.70:

Add support for helper function for safe memcpy.

Read More

iwd-3.3-1.fc41 libell-0.71-1.fc41

Read Time:26 Second

FEDORA-2024-256818da09

Packages in this update:

iwd-3.3-1.fc41
libell-0.71-1.fc41

Update description:

iwd 3.3:

Fix issue with handling External Authentication.

iwd 3.2:

Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.

ell 0.71:

Fix issue with GCC 15 and -std=c23 build errors.

ell 0.70:

Add support for helper function for safe memcpy.

Read More

A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution

Read Time:30 Second

A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source web application framework used for developing Java web applications. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Read More

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205

Read Time:15 Second

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21

CyberDanube Security Research 20241219-0
——————————————————————————-
title| Authenticated Remote Code Execution
product| Ewon Flexy 205
vulnerable version| <= v14.8s0 (#2633)
fixed version| –
CVE number| CVE-2024-9154
impact| High
homepage| https://www.hms-networks.com/
found| 2024-09-03…

Read More

USN-7179-1: Linux kernel vulnerabilities

Read Time:1 Minute, 4 Second

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux
kernel contained a type-confusion error. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Media drivers;
– Network drivers;
– SMB network file system;
– Bluetooth subsystem;
– Amateur Radio drivers;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-43904, CVE-2024-35963, CVE-2024-35967, CVE-2024-40973,
CVE-2024-26822, CVE-2024-35965, CVE-2024-40910, CVE-2024-38553,
CVE-2024-53057, CVE-2024-50264, CVE-2024-35966)

Read More

USN-7173-2: Linux kernel vulnerabilities

Read Time:42 Second

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI subsystem;
– Ext4 file system;
– Bluetooth subsystem;
– Memory management;
– Amateur Radio drivers;
– Network traffic control;
– Sun RPC protocol;
– VMware vSockets driver;
(CVE-2023-52821, CVE-2024-40910, CVE-2024-43892, CVE-2024-49967,
CVE-2024-50264, CVE-2024-36952, CVE-2024-38553, CVE-2021-47101,
CVE-2021-47001, CVE-2024-35965, CVE-2024-35963, CVE-2024-35966,
CVE-2024-35967, CVE-2024-53057, CVE-2024-38597)

Read More

swiftlint-0.57.1-1.fc42

Read Time:28 Second

FEDORA-2024-87d30b4fbf

Packages in this update:

swiftlint-0.57.1-1.fc42

Update description:

Automatic update for swiftlint-0.57.1-1.fc42.

Changelog

* Fri Dec 20 2024 Davide Cavalca <dcavalca@fedoraproject.org> – 0.57.1-1
– Update to 0.57.1; Fixes: RHBZ#2280939, RHBZ#2301323, RHBZ#2280426,
RHBZ#2280433, RHBZ#2280449, RHBZ#2280455, RHBZ#2280469, RHBZ#2280475,
RHBZ#2280487, RHBZ#2302835, RHBZ#2307674
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.53.0-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

Read More

USN-7166-3: Linux kernel (HWE) vulnerabilities

Read Time:3 Minute, 46 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– RISC-V architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– Drivers core;
– ATA over ethernet (AOE) driver;
– TPM device driver;
– Clock framework and drivers;
– Buffer Sharing and Synchronization framework;
– EFI core;
– GPIO subsystem;
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Mailbox framework;
– Media drivers;
– Ethernet bonding driver;
– Network drivers;
– Mellanox network drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– STMicroelectronics network drivers;
– NTB driver;
– Virtio pmem driver;
– PCI subsystem;
– x86 platform drivers;
– S/390 drivers;
– SCSI subsystem;
– SPI subsystem;
– Thermal drivers;
– USB Device Class drivers;
– USB Type-C Port Controller Manager driver;
– VFIO drivers;
– Virtio Host (VHOST) subsystem;
– Framebuffer layer;
– 9P distributed file system;
– BTRFS file system;
– Ceph distributed file system;
– File systems infrastructure;
– Ext4 file system;
– F2FS file system;
– GFS2 file system;
– JFS file system;
– Network file system (NFS) client;
– Network file system (NFS) server daemon;
– NILFS2 file system;
– Network file system (NFS) superblock;
– Bluetooth subsystem;
– Network traffic control;
– Network sockets;
– TCP network protocol;
– BPF subsystem;
– Perf events;
– Kernel thread helper (kthread);
– Padata parallel execution mechanism;
– Arbitrary resource management;
– Static call mechanism;
– Tracing infrastructure;
– Memory management;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Netlink;
– SCTP protocol;
– TIPC protocol;
– SELinux security module;
– Simplified Mandatory Access Control Kernel framework;
– AudioScience HPI driver;
– Amlogic Meson SoC drivers;
– USB sound devices;
(CVE-2024-49944, CVE-2024-49907, CVE-2024-50062, CVE-2024-36893,
CVE-2024-49985, CVE-2024-49903, CVE-2024-49886, CVE-2024-50180,
CVE-2024-47757, CVE-2024-49938, CVE-2024-49902, CVE-2024-47709,
CVE-2024-49884, CVE-2024-49967, CVE-2024-49977, CVE-2024-47734,
CVE-2024-49954, CVE-2024-49963, CVE-2024-47747, CVE-2024-50008,
CVE-2024-47696, CVE-2024-50038, CVE-2024-46695, CVE-2024-47705,
CVE-2024-49957, CVE-2024-38538, CVE-2024-50019, CVE-2024-38544,
CVE-2024-50003, CVE-2024-50095, CVE-2024-50000, CVE-2024-49981,
CVE-2024-49863, CVE-2024-47710, CVE-2024-49983, CVE-2024-26947,
CVE-2024-46852, CVE-2024-49871, CVE-2024-49936, CVE-2024-47720,
CVE-2024-49881, CVE-2024-47672, CVE-2024-50040, CVE-2024-49997,
CVE-2024-50044, CVE-2023-52532, CVE-2024-47740, CVE-2024-44942,
CVE-2024-49948, CVE-2023-52621, CVE-2024-49959, CVE-2024-47718,
CVE-2024-50188, CVE-2024-47699, CVE-2024-47756, CVE-2024-47723,
CVE-2024-46849, CVE-2024-50035, CVE-2024-50189, CVE-2024-47684,
CVE-2024-49900, CVE-2024-50024, CVE-2024-49851, CVE-2024-49860,
CVE-2024-49924, CVE-2024-49946, CVE-2024-44940, CVE-2023-52904,
CVE-2024-47679, CVE-2024-47748, CVE-2023-52917, CVE-2024-47735,
CVE-2024-46858, CVE-2024-35904, CVE-2024-47673, CVE-2024-49878,
CVE-2024-47739, CVE-2024-49973, CVE-2024-49935, CVE-2024-49875,
CVE-2024-49896, CVE-2024-47690, CVE-2024-50007, CVE-2024-49933,
CVE-2024-49958, CVE-2024-49913, CVE-2024-49883, CVE-2024-47742,
CVE-2024-41016, CVE-2024-50002, CVE-2024-49969, CVE-2024-46853,
CVE-2024-50031, CVE-2024-47698, CVE-2024-47749, CVE-2024-50059,
CVE-2024-49966, CVE-2024-50093, CVE-2024-27072, CVE-2024-50186,
CVE-2024-49895, CVE-2024-38632, CVE-2024-49995, CVE-2024-38545,
CVE-2024-38667, CVE-2024-36968, CVE-2024-49952, CVE-2024-50001,
CVE-2024-47697, CVE-2024-50045, CVE-2024-49856, CVE-2024-49852,
CVE-2024-47712, CVE-2023-52639, CVE-2024-49975, CVE-2024-42158,
CVE-2024-49962, CVE-2024-50181, CVE-2024-42156, CVE-2024-46855,
CVE-2024-47693, CVE-2024-47670, CVE-2024-47706, CVE-2024-50184,
CVE-2024-49965, CVE-2024-39463, CVE-2024-50191, CVE-2024-49866,
CVE-2024-49890, CVE-2024-49877, CVE-2024-49879, CVE-2024-49927,
CVE-2024-50039, CVE-2024-46859, CVE-2024-47674, CVE-2024-50096,
CVE-2024-50013, CVE-2024-46854, CVE-2024-49868, CVE-2024-49882,
CVE-2024-47671, CVE-2024-50179, CVE-2024-44931, CVE-2024-50046,
CVE-2024-50006, CVE-2024-49892, CVE-2024-49949, CVE-2024-42079,
CVE-2024-46865, CVE-2024-47692, CVE-2024-47713, CVE-2024-47701,
CVE-2024-49889, CVE-2024-49894, CVE-2024-50015, CVE-2024-49858,
CVE-2024-49955, CVE-2024-49867, CVE-2024-35951, CVE-2024-50033,
CVE-2024-49982, CVE-2024-47695, CVE-2024-50049, CVE-2024-49930,
CVE-2024-50041, CVE-2024-47737, CVE-2024-47685)

Read More

USN-7159-4: Linux kernel (IoT) vulnerabilities

Read Time:44 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Power management core;
– GPU drivers;
– InfiniBand drivers;
– Network drivers;
– S/390 drivers;
– TTY drivers;
– BTRFS file system;
– EROFS file system;
– F2FS file system;
– File systems infrastructure;
– BPF subsystem;
– Socket messages infrastructure;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– SELinux security module;
(CVE-2022-48938, CVE-2024-42156, CVE-2024-36953, CVE-2024-38538,
CVE-2021-47501, CVE-2024-42068, CVE-2024-26947, CVE-2024-46724,
CVE-2024-36968, CVE-2023-52497, CVE-2024-35951, CVE-2023-52488,
CVE-2024-44940, CVE-2022-48733, CVE-2023-52498, CVE-2022-48943,
CVE-2024-35904, CVE-2024-42077, CVE-2024-36938, CVE-2023-52639,
CVE-2024-42240, CVE-2024-44942, CVE-2021-47076)

Read More

chromium-131.0.6778.204-1.el10_0

Read Time:19 Second

FEDORA-EPEL-2024-b98ed0b39c

Packages in this update:

chromium-131.0.6778.204-1.el10_0

Update description:

Update to 131.0.6778.204

High CVE-2024-12692: Type Confusion in V8
High CVE-2024-12693: Out of bounds memory access in V8
High CVE-2024-12694: Use after free in Compositing
High CVE-2024-12695: Out of bounds write in V8

Read More