Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Watchdog drivers;
– Netfilter;
– Network traffic control;
(CVE-2024-38630, CVE-2024-27397, CVE-2024-45016)
Category Archives: Advisories
USN-7071-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystems:
– Network traffic control;
(CVE-2024-45016)
Drupal core – Moderately critical – Improper error handling – SA-CORE-2024-002
Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site.
The issue is mitigated by the fact that several non-default site configurations must exist simultaneously for this to occur.
Install the latest version:
If you are using Drupal 10.2, update to Drupal 10.2.10.
Drupal 10.3 and above are not affected, nor is Drupal 7.
All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)
This advisory is not covered by Drupal Steward.
Lee Rowlands of the Drupal Security Team
Benji Fisher of the Drupal Security Team
Kim Pepper
Wim Leers
xjm of the Drupal Security Team
Dave Long of the Drupal Security Team
Juraj Nemec of the Drupal Security Team
llvm-test-suite-18.1.8-3.fc40
FEDORA-2024-300397332b
Packages in this update:
llvm-test-suite-18.1.8-3.fc40
Update description:
Remove ClamAV subdirectory because of viruses in input files:
These were the findings:
MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature
MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc11.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc1.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.cab: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc2.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe.bz2: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/doc3.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc22.rtf: Clamav.Test.File-6
Remove broken links in source tarball
Before it wasn’t possible to pass -DTEST_SUITE_SUBDIRS=CTMark to cmake
when configuring the llvm-test-suite:
— Adding directory CTMark
CMake Error at CTMark/CMakeLists.txt:1 (add_subdirectory):
add_subdirectory given source “7zip” which is not an existing directory.
CMake Error at CTMark/CMakeLists.txt:5 (add_subdirectory):
add_subdirectory given source “lencod” which is not an existing directory.
The llvm-test-suite command script pkg_test_suite.sh removes
directories with BAD or unreviewed licenses. Currently this leaves at
least two directories in a broken state:
/usr/share/llvm-test-suite/CTMark/7zip -> ../MultiSource/Benchmarks/7zip
/usr/share/llvm-test-suite/CTMark/lencod -> ../MultiSource/Applications/JM/lencod
In both cases the link target is non-existent.
Therefore I find any broken symbolic links, remove them and adapt the
CMakeLists.txt to not have the add_subdirectory(broken_link) entry in
it. Here’s an excerpt of what the pkg_test_suite.sh script shows when
running as a proof of the work it does now.
++ find test-suite-19.1.0.src -type l ‘!’ -exec test -e ‘{}’ ‘;’ -print
+ broken_symlinks=’test-suite-19.1.0.src/CTMark/7zip
test-suite-19.1.0.src/CTMark/lencod’
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/7zip
+ rm -fv test-suite-19.1.0.src/CTMark/7zip
removed ‘test-suite-19.1.0.src/CTMark/7zip’
++ dirname test-suite-19.1.0.src/CTMark/7zip
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/7zip
+ dir=7zip
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i ‘s/add_subdirectory(7zip)//g’ test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/lencod
+ rm -fv test-suite-19.1.0.src/CTMark/lencod
removed ‘test-suite-19.1.0.src/CTMark/lencod’
++ dirname test-suite-19.1.0.src/CTMark/lencod
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/lencod
+ dir=lencod
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i ‘s/add_subdirectory(lencod)//g’ test-suite-19.1.0.src/CTMark/CMakeLists.txt
llvm-test-suite-19.1.0-4.fc41
FEDORA-2024-6d9aba8c3c
Packages in this update:
llvm-test-suite-19.1.0-4.fc41
Update description:
Remove ClamAV subdirectory because of viruses in input files:
These were the findings:
MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature
MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc11.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc1.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.cab: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc2.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe.bz2: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/doc3.rtf: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/clam.exe: Clamav.Test.File-6
MultiSource/Applications/ClamAV/inputs/rtf-test/Doc22.rtf: Clamav.Test.File-6
Remove broken links in source tarball
Before it wasn’t possible to pass -DTEST_SUITE_SUBDIRS=CTMark to cmake
when configuring the llvm-test-suite:
— Adding directory CTMark
CMake Error at CTMark/CMakeLists.txt:1 (add_subdirectory):
add_subdirectory given source “7zip” which is not an existing directory.
CMake Error at CTMark/CMakeLists.txt:5 (add_subdirectory):
add_subdirectory given source “lencod” which is not an existing directory.
The llvm-test-suite command script pkg_test_suite.sh removes
directories with BAD or unreviewed licenses. Currently this leaves at
least two directories in a broken state:
/usr/share/llvm-test-suite/CTMark/7zip -> ../MultiSource/Benchmarks/7zip
/usr/share/llvm-test-suite/CTMark/lencod -> ../MultiSource/Applications/JM/lencod
In both cases the link target is non-existent.
Therefore I find any broken symbolic links, remove them and adapt the
CMakeLists.txt to not have the add_subdirectory(broken_link) entry in
it. Here’s an excerpt of what the pkg_test_suite.sh script shows when
running as a proof of the work it does now.
++ find test-suite-19.1.0.src -type l ‘!’ -exec test -e ‘{}’ ‘;’ -print
+ broken_symlinks=’test-suite-19.1.0.src/CTMark/7zip
test-suite-19.1.0.src/CTMark/lencod’
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/7zip
+ rm -fv test-suite-19.1.0.src/CTMark/7zip
removed ‘test-suite-19.1.0.src/CTMark/7zip’
++ dirname test-suite-19.1.0.src/CTMark/7zip
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/7zip
+ dir=7zip
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i ‘s/add_subdirectory(7zip)//g’ test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ for f in $broken_symlinks
+ test -L test-suite-19.1.0.src/CTMark/lencod
+ rm -fv test-suite-19.1.0.src/CTMark/lencod
removed ‘test-suite-19.1.0.src/CTMark/lencod’
++ dirname test-suite-19.1.0.src/CTMark/lencod
+ basedir=test-suite-19.1.0.src/CTMark
++ basename test-suite-19.1.0.src/CTMark/lencod
+ dir=lencod
+ cmake_file=test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ test -f test-suite-19.1.0.src/CTMark/CMakeLists.txt
+ sed -i ‘s/add_subdirectory(lencod)//g’ test-suite-19.1.0.src/CTMark/CMakeLists.txt
libarchive-3.7.2-7.fc40
FEDORA-2024-80e4603b92
Packages in this update:
libarchive-3.7.2-7.fc40
Update description:
Fix for CVE-2024-48957
Automatic update for libarchive-3.7.2-6.fc40.
USN-7048-2: Vim vulnerability
USN-7048-1 fixed a vulnerability in Vim. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
Suyue Guo discovered that Vim incorrectly handled memory when flushing the
typeahead buffer, leading to heap-buffer-overflow. An attacker could
possibly use this issue to cause a denial of service.
USN-7070-1: libarchive vulnerabilities
It was discovered that libarchive mishandled certain memory checks,
which could result in a NULL pointer dereference. An attacker could
potentially use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-36227)
It was discovered that libarchive mishandled certain memory operations,
which could result in an out-of-bounds memory access. An attacker could
potentially use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-48957, CVE-2024-48958)
USN-7038-2: APR vulnerability
USN-7038-1 fixed a vulnerability in Apache Portable Runtime (APR) library.
This update provides the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
Thomas Stangner discovered a permission vulnerability in the Apache
Portable Runtime (APR) library. A local attacker could possibly use this
issue to read named shared memory segments, potentially exposing sensitive
application data.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.