Category Archives: Advisories

USN-7048-2: Vim vulnerability

Read Time:16 Second

USN-7048-1 fixed a vulnerability in Vim. This update provides the
corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Suyue Guo discovered that Vim incorrectly handled memory when flushing the
typeahead buffer, leading to heap-buffer-overflow. An attacker could
possibly use this issue to cause a denial of service.

Read More

USN-7070-1: libarchive vulnerabilities

Read Time:33 Second

It was discovered that libarchive mishandled certain memory checks,
which could result in a NULL pointer dereference. An attacker could
potentially use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-36227)

It was discovered that libarchive mishandled certain memory operations,
which could result in an out-of-bounds memory access. An attacker could
potentially use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-48957, CVE-2024-48958)

Read More

USN-7038-2: APR vulnerability

Read Time:18 Second

USN-7038-1 fixed a vulnerability in Apache Portable Runtime (APR) library.
This update provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Thomas Stangner discovered a permission vulnerability in the Apache
Portable Runtime (APR) library. A local attacker could possibly use this
issue to read named shared memory segments, potentially exposing sensitive
application data.

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-7069-1: Linux kernel vulnerabilities

Read Time:1 Minute, 0 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– x86 architecture;
– Cryptographic API;
– CPU frequency scaling framework;
– HW tracing;
– ISDN/mISDN subsystem;
– Media drivers;
– Network drivers;
– NVME drivers;
– S/390 drivers;
– SCSI drivers;
– USB subsystem;
– VFIO drivers;
– Watchdog drivers;
– JFS file system;
– IRQ subsystem;
– Core kernel;
– Memory management;
– Amateur Radio drivers;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– Network traffic control;
– TIPC protocol;
– XFRM subsystem;
– Integrity Measurement Architecture(IMA) framework;
– SoC Audio for Freescale CPUs drivers;
– USB sound devices;
(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,
CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,
CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,
CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,
CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,
CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,
CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,
CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,
CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)

Read More

python-fastapi-0.111.1-7.fc40 python-openapi-core-0.19.4-3.fc40 python-platformio-6.1.14-7.fc40 python-starlette-0.40.0-1.fc40

Read Time:28 Second

FEDORA-2024-f1615b58e6

Packages in this update:

python-fastapi-0.111.1-7.fc40
python-openapi-core-0.19.4-3.fc40
python-platformio-6.1.14-7.fc40
python-starlette-0.40.0-1.fc40

Update description:

Security fix for CVE-2024-47874.

Starlette 0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory:
GHSA-f96h-pmfr-66vw

Fixed

Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.

Read More

python-fastapi-0.115.2-1.fc41 python-openapi-core-0.19.4-4.fc41 python-platformio-6.1.14-7.fc41 python-starlette-0.40.0-1.fc41

Read Time:36 Second

FEDORA-2024-05dedb1a53

Packages in this update:

python-fastapi-0.115.2-1.fc41
python-openapi-core-0.19.4-4.fc41
python-platformio-6.1.14-7.fc41
python-starlette-0.40.0-1.fc41

Update description:

Security fix for CVE-2024-47874.

Starlette 0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory:
GHSA-f96h-pmfr-66vw

Fixed

Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.

FastAPI 0.115.2

https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1

Read More

python-openapi-core-0.19.4-4.fc42 python-platformio-6.1.16-2.fc42 python-starlette-0.40.0-1.fc42

Read Time:26 Second

FEDORA-2024-466c574575

Packages in this update:

python-openapi-core-0.19.4-4.fc42
python-platformio-6.1.16-2.fc42
python-starlette-0.40.0-1.fc42

Update description:

Security fix for CVE-2024-47874.

Starlette 0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory:
GHSA-f96h-pmfr-66vw

Fixed

Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data
requests fd038f3.

Read More