It was discovered that FRR incorrectly handled certain malformed BGP and
OSPF packets. A remote attacker could use this issue to cause FRR to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Category Archives: Advisories
tomcat-9.0.89-1.fc39
FEDORA-2024-2bf73514cd
Packages in this update:
tomcat-9.0.89-1.fc39
Update description:
This update includes a rebase from 9.0.83 to 9.0.89.
#2269611 CVE-2024-24549 tomcat: CVE-2024-24549: Apache Tomcat: HTTP/2 header handling DoS
#2269612 CVE-2024-23672 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake
USN-6793-1: Git vulnerabilities
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-32004)
It was discovered that Git incorrectly handled local clones with hardlinked
files/directories. An attacker could possibly use this issue to place a
specialized repository on their target’s local system. (CVE-2024-32020)
It was discovered that Git incorrectly handled certain symlinks. An attacker
could possibly use this issue to impact availability and integrity
creating hardlinked arbitrary files into users repository’s objects/directory.
(CVE-2024-32021)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-32465)
USN-6787-1: Jinja2 vulnerability
It was discovered that Jinja2 incorrectly handled certain HTML attributes
that were accepted by the xmlattr filter. An attacker could use this issue
to inject arbitrary HTML attribute keys and values to potentially execute
a cross-site scripting (XSS) attack.
USN-6791-1: Unbound vulnerability
It was discovered that Unbound could take part in a denial of service
amplification attack known as DNSBomb. This update introduces certain
resource limits to make the impact from Unbound significantly lower.
USN-6790-1: amavisd-new vulnerability
It was discovered that amavisd-new incorrectly handled certain MIME email
messages with multiple boundary parameters. A remote attacker could
possibly use this issue to bypass checks for banned files or malware.
USN-6789-1: LibreOffice vulnerability
Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled
graphic on-click bindings. If a user were tricked into clicking a graphic
in a specially crafted document, a remote attacker could possibly run
arbitrary script.
USN-6788-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
thunderbird-115.11.0-1.fc40
FEDORA-2024-7ade906120
Packages in this update:
thunderbird-115.11.0-1.fc40
Update description:
Update to 115.11.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
https://www.thunderbird.net/en-US/thunderbird/115.11.0/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/
USN-6786-1: Netatalk vulnerabilities
It was discovered that Netatalk did not properly protect an SMB and AFP
default configuration. A remote attacker could possibly use this issue to
execute arbitrary code.