Read Time:6 Second
FEDORA-2025-e45eecf53a
Packages in this update:
webkit2gtk4.0-2.46.5-1.fc40
Update description:
Update to 2.46.5
Category Archives: Advisories
rsync-3.4.0-1.fc41
Read Time:12 Second
FEDORA-2025-ec87287710
Packages in this update:
rsync-3.4.0-1.fc41
Update description:
New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
rsync-3.4.0-1.fc40
Read Time:12 Second
FEDORA-2025-73c1f25730
Packages in this update:
rsync-3.4.0-1.fc40
Update description:
New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747.
Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Authentication Bypass
Read Time:32 Second
Multiple Vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for authentication bypass. Ivanti Avalanche is a mobile device management system. Network security features allow one to manage wireless settings (including encryption and authentication) and apply those settings on a schedule throughout the network. Successful exploitation could allow for a remote unauthenticated attacker to bypass authentication. Depending on the privileges associated with the logged-on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Critical Patches Issued for Microsoft Products, January 14, 2025
Read Time:24 Second
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Read Time:28 Second
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-7207-1: Git vulnerabilities
Read Time:18 Second
It was discovered that Git incorrectly handled certain URLs when
asking for credentials. An attacker could possibly use this
issue to mislead the user into typing passwords for trusted
sites that would then be sent to untrusted sites instead.
(CVE-2024-50349)
It was discovered that git incorrectly handled line endings when
using credential helpers. (CVE-2024-52006)
USN-7195-2: Linux kernel (Azure) vulnerabilities
Read Time:1 Minute, 15 Second
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Power management core;
– GPU drivers;
– InfiniBand drivers;
– Network drivers;
– S/390 drivers;
– SCSI subsystem;
– TTY drivers;
– BTRFS file system;
– Ext4 file system;
– EROFS file system;
– F2FS file system;
– File systems infrastructure;
– BPF subsystem;
– Socket messages infrastructure;
– Bluetooth subsystem;
– Memory management;
– Amateur Radio drivers;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– Network traffic control;
– Sun RPC protocol;
– VMware vSockets driver;
– SELinux security module;
(CVE-2024-42240, CVE-2024-36938, CVE-2024-35967, CVE-2024-36953,
CVE-2022-48938, CVE-2024-38553, CVE-2024-35904, CVE-2024-35965,
CVE-2024-26947, CVE-2024-36968, CVE-2024-43892, CVE-2024-38597,
CVE-2023-52498, CVE-2021-47501, CVE-2024-44942, CVE-2024-42077,
CVE-2024-53057, CVE-2024-46724, CVE-2024-35963, CVE-2022-48943,
CVE-2024-42068, CVE-2024-42156, CVE-2022-48733, CVE-2023-52639,
CVE-2021-47101, CVE-2023-52821, CVE-2024-44940, CVE-2024-36952,
CVE-2021-47001, CVE-2024-38538, CVE-2024-40910, CVE-2021-47076,
CVE-2024-35966, CVE-2024-50264, CVE-2024-35951, CVE-2023-52488,
CVE-2023-52497, CVE-2024-49967)
USN-7205-1: Django vulnerability
Read Time:7 Second
It was discovered that Django incorrectly handled certain IPv6
strings. An attacker could possibly use this issue to cause a
denial of service.
SDL2_sound-2.0.4-1.fc41
Read Time:36 Second
FEDORA-2025-82714dbb22
Packages in this update:
SDL2_sound-2.0.4-1.fc41
Update description:
Latest stable release from upstream. Changelog: https://github.com/icculus/SDL_sound/releases/tag/v2.0.4 . NOTE: dr_libs are unbundled.
Fixes:
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()