Category Archives: Advisories

strongswan-5.9.14-1.fc41

Read Time:28 Second

FEDORA-2024-dc9e695c3a

Packages in this update:

strongswan-5.9.14-1.fc41

Update description:

Automatic update for strongswan-5.9.14-1.fc41.

Changelog

* Fri May 31 2024 Paul Wouters <paul.wouters@aiven.io> – 5.9.14-1
– Resolves: rhbz#2254560 CVE-2023-41913 buffer overflow and possible RCE
– Resolved: rhbz#2250666 Update to 5.9.14 (IKEv2 OCSP extensions, seqno/regno overflow handling
– Update to 5.9.13 (OCSP nonce set regression configuration option charon.ocsp_nonce_len)
– Update to 5.9.12 (CVE-2023-41913 fix, various IKEv2 fixes)

Read More

chromium-125.0.6422.141-1.fc40

Read Time:28 Second

FEDORA-2024-bb52629e6c

Packages in this update:

chromium-125.0.6422.141-1.fc40

Update description:

update to 125.0.6422.141

High CVE-2024-5493: Heap buffer overflow in WebRTC
High CVE-2024-5494: Use after free in Dawn
High CVE-2024-5495: Use after free in Dawn
High CVE-2024-5496: Use after free in Media Session
High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
High CVE-2024-5498: Use after free in Presentation API
High CVE-2024-5499: Out of bounds write in Streams API

Read More

chromium-125.0.6422.141-1.fc39

Read Time:28 Second

FEDORA-2024-4e0ea1c22e

Packages in this update:

chromium-125.0.6422.141-1.fc39

Update description:

update to 125.0.6422.141

High CVE-2024-5493: Heap buffer overflow in WebRTC
High CVE-2024-5494: Use after free in Dawn
High CVE-2024-5495: Use after free in Dawn
High CVE-2024-5496: Use after free in Media Session
High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
High CVE-2024-5498: Use after free in Presentation API
High CVE-2024-5499: Out of bounds write in Streams API

Read More

A Vulnerability in Check Point Security Gateways Could Allow for Credential Access

Read Time:37 Second

A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. Successful exploitation of this vulnerability could allow for credential access to local accounts due to an arbitrary file read vulnerability. Other sensitive files such as SSH keys and certificates may also be read. Depending on the privileges associated with the accounts, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Local accounts that are configured to have fewer rights on the system could be less impacted than those that operate with administrative rights.

Read More

USN-6804-1: GNU C Library vulnerabilities

Read Time:46 Second

It was discovered that GNU C Library nscd daemon contained a stack-based buffer
overflow. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33599)

It was discovered that GNU C Library nscd daemon did not properly check the
cache content, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2024-33600)

It was discovered that GNU C Library nscd daemon did not properly validate
memory allocation in certain situations, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33601)

It was discovered that GNU C Library nscd daemon did not properly handle memory
allocation, which could lead to memory corruption. A local attacker could use
this to cause a denial of service (system crash). (CVE-2024-33602)

Read More

ZDI-24-529: (Pwn2Own) VMware Workstation UrbBuf_getDataBuf Uninitialized Variable Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-22269.

Read More