Read Time:7 Second
FEDORA-2024-08e01e9f2f
Packages in this update:
libxml2-2.12.7-1.fc40
Update description:
Update to 2.12.7
Fix CVE-2024-34459.
Category Archives: Advisories
perl-Email-MIME-1.954-1.fc40
Read Time:20 Second
FEDORA-2024-032e16360b
Packages in this update:
perl-Email-MIME-1.954-1.fc40
Update description:
This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140), which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS configuration, which limits how many parts will be considered for parsing, defaulting to 100.
perl-Email-MIME-1.954-1.el9
Read Time:20 Second
FEDORA-EPEL-2024-862672cc3e
Packages in this update:
perl-Email-MIME-1.954-1.el9
Update description:
This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140), which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS configuration, which limits how many parts will be considered for parsing, defaulting to 100.
perl-Email-MIME-1.954-1.fc39
Read Time:20 Second
FEDORA-2024-38fb541a75
Packages in this update:
perl-Email-MIME-1.954-1.fc39
Update description:
This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140), which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS configuration, which limits how many parts will be considered for parsing, defaulting to 100.
perl-Email-MIME-1.954-1.el8
Read Time:20 Second
FEDORA-EPEL-2024-d3360e8898
Packages in this update:
perl-Email-MIME-1.954-1.el8
Update description:
This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140), which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS configuration, which limits how many parts will be considered for parsing, defaulting to 100.
A Vulnerability in SolarWinds Access Rights Manager Could Allow for Privilege Escalation
Read Time:27 Second
A vulnerability has been discovered in SolarWinds Access Rights Manager that could allow for privilege escalation. Successful exploitation of this vulnerability could allow for privilege escalation in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Read Time:28 Second
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-6766-2: Linux kernel vulnerabilities
Read Time:2 Minute, 44 Second
It was discovered that the Open vSwitch implementation in the Linux kernel
could overflow its stack during recursive action operations under certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-1151)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– PowerPC architecture;
– S390 architecture;
– Core kernel;
– Block layer subsystem;
– Android drivers;
– Power management core;
– Bus devices;
– Hardware random number generator core;
– Cryptographic API;
– Device frequency;
– DMA engine subsystem;
– ARM SCMI message protocol;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I2C subsystem;
– IIO ADC drivers;
– IIO subsystem;
– IIO Magnetometer sensors drivers;
– InfiniBand drivers;
– Media drivers;
– Network drivers;
– PCI driver for MicroSemi Switchtec;
– PHY drivers;
– SCSI drivers;
– DesignWare USB3 driver;
– BTRFS file system;
– Ceph distributed file system;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– NTFS3 file system;
– Pstore file system;
– SMB network file system;
– Memory management;
– CAN network layer;
– Networking core;
– HSR network protocol;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– Multipath TCP;
– Netfilter;
– NFC subsystem;
– SMC sockets;
– Sun RPC protocol;
– TIPC protocol;
– Unix domain sockets;
– Realtek audio codecs;
(CVE-2023-52594, CVE-2023-52601, CVE-2024-26826, CVE-2023-52622,
CVE-2024-26665, CVE-2023-52493, CVE-2023-52633, CVE-2024-26684,
CVE-2024-26663, CVE-2023-52618, CVE-2023-52588, CVE-2023-52637,
CVE-2024-26825, CVE-2023-52606, CVE-2024-26594, CVE-2024-26625,
CVE-2024-26720, CVE-2024-26614, CVE-2023-52627, CVE-2023-52602,
CVE-2024-26673, CVE-2024-26685, CVE-2023-52638, CVE-2023-52498,
CVE-2023-52619, CVE-2024-26910, CVE-2024-26689, CVE-2023-52583,
CVE-2024-26676, CVE-2024-26671, CVE-2024-26704, CVE-2024-26608,
CVE-2024-26610, CVE-2024-26592, CVE-2023-52599, CVE-2023-52595,
CVE-2024-26660, CVE-2023-52617, CVE-2024-26645, CVE-2023-52486,
CVE-2023-52631, CVE-2023-52607, CVE-2023-52608, CVE-2024-26722,
CVE-2024-26615, CVE-2023-52615, CVE-2024-26636, CVE-2023-52642,
CVE-2023-52587, CVE-2024-26712, CVE-2024-26675, CVE-2023-52614,
CVE-2024-26606, CVE-2024-26916, CVE-2024-26600, CVE-2024-26679,
CVE-2024-26829, CVE-2024-26641, CVE-2023-52623, CVE-2024-26627,
CVE-2024-26696, CVE-2024-26640, CVE-2024-26635, CVE-2023-52491,
CVE-2024-26664, CVE-2024-26602, CVE-2023-52604, CVE-2024-26717,
CVE-2023-52643, CVE-2024-26593, CVE-2023-52598, CVE-2024-26668,
CVE-2023-52435, CVE-2023-52597, CVE-2024-26715, CVE-2024-26707,
CVE-2023-52635, CVE-2024-26695, CVE-2024-26698, CVE-2023-52494,
CVE-2024-26920, CVE-2024-26808, CVE-2023-52616, CVE-2023-52492,
CVE-2024-26702, CVE-2024-26644, CVE-2023-52489, CVE-2024-26697)
git-2.45.1-1.fc39
Read Time:6 Second
FEDORA-2024-4c06645f07
Packages in this update:
git-2.45.1-1.fc39
Update description:
update to 2.45.1
git-2.45.1-1.fc40
Read Time:6 Second
FEDORA-2024-ecba8476e2
Packages in this update:
git-2.45.1-1.fc40
Update description:
update to 2.45.1