FEDORA-2024-7989718224

Packages in this update:

libreoffice-7.6.7.2-1.fc39

Update description:

7.6.7.2

Read More

Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated
input from a file into a string-type “eval”. An attacker could craft a
malicious file to achieve arbitrary code execution.

Read More

FEDORA-2024-b4b4426a4f

Packages in this update:

firefox-126.0-7.fc38

Update description:

Fixed DBus service to not run without Gnome search requests

new upstream update (126.0)

New upstream version (125.0.3)

Latest upstream release.

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-4767,
CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773,
CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778)

Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory
when audio input connected with multiple consumers. An attacker could
potentially exploit this issue to cause a denial of service, or execute
arbitrary code. (CVE-2024-4764)

Thomas Rinsma discovered that Firefox did not properly handle type check
when handling fonts in PDF.js. An attacker could potentially exploit this
issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367)

Irvan Kurniawan discovered that Firefox did not properly handle certain
font styles when saving a page to PDF. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2024-4770)

Read More

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1

## Change Log for Release asterisk-20.8.1

### Links:

– [Full ChangeLog](…

Read More

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 21.3.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.3.1

## Change Log for Release asterisk-21.3.1

### Links:

– [Full ChangeLog](…

Read More

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 18.23.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.23.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 18.23.1

## Change Log for Release asterisk-18.23.1

### Links:

– [Full ChangeLog](…

Read More

Posted by Andrea Intilangelo on May 20

CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package

Use CVE-2024-34058.

Additional info:

NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices and medium
enterprises. From their website: “It’s simple, secure and flexible” and “ready to deliver your messages, to protect
your network with the built-in firewall, share your files and much more,…

Read More

FEDORA-EPEL-2024-07403ba3a8

Packages in this update:

chromium-125.0.6422.60-3.el7

Update description:

update to 125.0.6422.60

High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads

Read More

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Userspace I/O drivers;
– Ceph distributed file system;
– Ext4 file system;
– JFS file system;
– NILFS2 file system;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– MAC80211 subsystem;
– Netlink;
– NFC subsystem;
– Tomoyo security module;
(CVE-2023-52524, CVE-2023-52530, CVE-2023-52601, CVE-2023-52439,
CVE-2024-26635, CVE-2023-52602, CVE-2024-26614, CVE-2024-26704,
CVE-2023-52604, CVE-2023-52566, CVE-2021-46981, CVE-2024-26622,
CVE-2024-26735, CVE-2024-26805, CVE-2024-26801, CVE-2023-52583)

Read More