USN-7059-1 fixed a vulnerability in OATH Toolkit library. This
update provides the corresponding update for Ubuntu 24.10.
Original advisory details:
Fabian Vogt discovered that OATH Toolkit incorrectly handled file
permissions. A remote attacker could possibly use this issue to
overwrite root owned files, leading to a privilege escalation attack.
(CVE-2024-47191)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Watchdog drivers;
– Netfilter;
– Memory management;
– Network traffic control;
(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)
dotnet8.0-8.0.110-1.fc39
This is the October 2024 security release of .NET 8. The SDK version is 8.0.110 and the Runtime version is 8.0.10.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md
dotnet8.0-8.0.110-1.fc40
This is the October 2024 security release of .NET 8. The SDK version is 8.0.110 and the Runtime version is 8.0.10.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md
dotnet8.0-8.0.110-1.fc41
This is the October 2024 security release of .NET 8. The SDK version is 8.0.110 and the Runtime version is 8.0.10.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Microsoft Azure Network Adapter (MANA) driver;
– Network traffic control;
(CVE-2024-45016, CVE-2024-45001)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Cloud Edge. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-48904.
The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-8531.
The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.9. The following CVEs are assigned: CVE-2024-8530.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Zelio Soft 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8422.
