Category Archives: Advisories

webkitgtk-2.44.2-1.fc40

FEDORA-2024-1f37da80ec

Packages in this update:

webkitgtk-2.44.2-1.fc40

Update description:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834.

webkitgtk-2.44.2-1.fc39

FEDORA-2024-3b912f1f3e

Packages in this update:

webkitgtk-2.44.2-1.fc39

Update description:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834.

chromium-125.0.6422.60-1.el8

FEDORA-EPEL-2024-1fb3cec2e0

Packages in this update:

chromium-125.0.6422.60-1.el8

Update description:

update to 125.0.6422.60

High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads

update to 124.0.6367.201

High CVE-2024-4671: Use after free in Visuals

update to 124.0.6367.155

High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio

update to 124.0.6367.118

High CVE-2024-4331: Use after free in Picture In Picture
High CVE-2024-4368: Use after free in Dawn

chromium-125.0.6422.60-1.el9

FEDORA-EPEL-2024-38d250bafc

Packages in this update:

chromium-125.0.6422.60-1.el9

Update description:

update to 125.0.6422.60

High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads

update to 124.0.6367.201

High CVE-2024-4671: Use after free in Visuals

update to 124.0.6367.155

High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio

update to 124.0.6367.118

High CVE-2024-4331: Use after free in Picture In Picture
High CVE-2024-4368: Use after free in Dawn

update to 124.0.6367.91

update to 124.0.6367.78

Critical CVE-2024-4058: Type Confusion in ANGLE
High CVE-2024-4059: Out of bounds read in V8 API
High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn

ZDI-24-466: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-32066.
