Read Time:10 Second
FEDORA-2024-cd1f01e5d9
Packages in this update:
wireshark-4.2.5-1.fc40
Update description:
New version 4.2.5. Includes fixes for CVE-2024-4853, CVE-2024-4854, CVE-2024-4855.
Category Archives: Advisories
roundcubemail-1.5.7-1.el9
Read Time:26 Second
FEDORA-EPEL-2024-1f1aef9c1c
Packages in this update:
roundcubemail-1.5.7-1.el9
Update description:
Release 1.5.7
Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
Fix TinyMCE localization installation (#9266)
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
roundcubemail-1.6.7-1.fc39
Read Time:34 Second
FEDORA-2024-a591b4dc74
Packages in this update:
roundcubemail-1.6.7-1.fc39
Update description:
Release 1.6.7
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
roundcubemail-1.6.7-1.fc40
Read Time:34 Second
FEDORA-2024-680b8ba54e
Packages in this update:
roundcubemail-1.6.7-1.fc40
Update description:
Release 1.6.7
Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
Fix bug in collapsing/expanding folders with some special characters in names (#9324)
Fix PHP8 warnings (#9363, #9365, #9429)
Fix missing field labels in CSV import, for some locales (#9393)
Fix command injection via crafted im_convert_path/im_identify_path on Windows
Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
cacti-1.2.27-1.el9 cacti-spine-1.2.27-1.el9
Read Time:21 Second
FEDORA-EPEL-2024-17176c2215
Packages in this update:
cacti-1.2.27-1.el9
cacti-spine-1.2.27-1.el9
Update description:
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
cacti-1.2.27-1.el7 cacti-spine-1.2.27-1.el7
Read Time:21 Second
FEDORA-EPEL-2024-d0445178a9
Packages in this update:
cacti-1.2.27-1.el7
cacti-spine-1.2.27-1.el7
Update description:
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
cacti-1.2.27-1.el8 cacti-spine-1.2.27-1.el8
Read Time:21 Second
FEDORA-EPEL-2024-4ea9ddc0f7
Packages in this update:
cacti-1.2.27-1.el8
cacti-spine-1.2.27-1.el8
Update description:
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
USN-6782-1: Thunderbird vulnerabilities
Read Time:39 Second
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768,
CVE-2024-4769, CVE-2024-4777)
Thomas Rinsma discovered that Thunderbird did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)
Irvan Kurniawan discovered that Thunderbird did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)
cacti-1.2.27-1.fc39 cacti-spine-1.2.27-1.fc39
Read Time:21 Second
FEDORA-2024-27a594f71d
Packages in this update:
cacti-1.2.27-1.fc39
cacti-spine-1.2.27-1.fc39
Update description:
Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug.
https://github.com/Cacti/cacti/blob/release/1.2.27/CHANGELOG
https://github.com/Cacti/spine/blob/release/1.2.27/CHANGELOG
ZDI-24-491: WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
Read Time:15 Second
This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-4454.