Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Userspace I/O drivers;
– Ceph distributed file system;
– Ext4 file system;
– JFS file system;
– NILFS2 file system;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– MAC80211 subsystem;
– Netlink;
– NFC subsystem;
– Tomoyo security module;
(CVE-2023-52524, CVE-2023-52530, CVE-2023-52601, CVE-2023-52439,
CVE-2024-26635, CVE-2023-52602, CVE-2024-26614, CVE-2024-26704,
CVE-2023-52604, CVE-2023-52566, CVE-2021-46981, CVE-2024-26622,
CVE-2024-26735, CVE-2024-26805, CVE-2024-26801, CVE-2023-52583)

Read More

FEDORA-2024-7e4f058c2f

Packages in this update:

mingw-python-requests-2.32.0-1.fc39

Update description:

Update to requests-2.32.0, fixes CVE-2024-35195.

Read More

FEDORA-2024-efc4802051

Packages in this update:

mingw-python-requests-2.32.0-1.fc40

Update description:

Update to requests-2.32.0, fixes CVE-2024-35195.

Read More

FEDORA-2024-ee636be6ff

Packages in this update:

oci-cli-3.41.0-1.fc41
python-oci-2.126.4-1.fc41

Update description:

oci-cli 3.41.0

Read More

Guido Vranken discovered that idna did not properly manage certain inputs,
which could lead to significant resource consumption. An attacker could
possibly use this issue to cause a denial of service.

Read More

FEDORA-2024-7989718224

Packages in this update:

libreoffice-7.6.7.2-1.fc39

Update description:

7.6.7.2

Read More

Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated
input from a file into a string-type “eval”. An attacker could craft a
malicious file to achieve arbitrary code execution.

Read More

FEDORA-2024-b4b4426a4f

Packages in this update:

firefox-126.0-7.fc38

Update description:

Fixed DBus service to not run without Gnome search requests

new upstream update (126.0)

New upstream version (125.0.3)

Latest upstream release.

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)

Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)

Thomas Rinsma discovered that Firefox did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)

Irvan Kurniawan discovered that Firefox did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)

Read More

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1

## Change Log for Release asterisk-20.8.1

### Links:

– [Full ChangeLog](…

Read More