Category Archives: Advisories

USN-6776-1: Linux kernel vulnerabilities

Read Time:27 Second

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Networking core;
– IPv4 networking;
– MAC80211 subsystem;
– Tomoyo security module;
(CVE-2024-26614, CVE-2023-52530, CVE-2024-26622)

Read More

chromium-125.0.6422.60-1.fc38

Read Time:38 Second

FEDORA-2024-3a548f46a8

Packages in this update:

chromium-125.0.6422.60-1.fc38

Update description:

update to 125.0.6422.60

* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads

update to 124.0.6367.201

* High CVE-2024-4671: Use after free in Visuals

update to 124.0.6367.155

High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio

update to 124.0.6367.118

* High CVE-2024-4331: Use after free in Picture In Picture
* High CVE-2024-4368: Use after free in Dawn

update to 124.0.6367.91

Read More

chromium-125.0.6422.60-1.fc40

Read Time:17 Second

FEDORA-2024-c01c1f5f82

Packages in this update:

chromium-125.0.6422.60-1.fc40

Update description:

update to 125.0.6422.60

* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads

Read More

chromium-125.0.6422.60-1.fc39

Read Time:17 Second

FEDORA-2024-382a7dba53

Packages in this update:

chromium-125.0.6422.60-1.fc39

Update description:

update to 125.0.6422.60

* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads

Read More

USN-6775-1: Linux kernel vulnerabilities

Read Time:25 Second

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– MAC80211 subsystem;
– Tomoyo security module;
(CVE-2024-26622, CVE-2023-52530)

Read More

USN-6774-1: Linux kernel vulnerabilities

Read Time:52 Second

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Hardware random number generator core;
– Ext4 file system;
– JFS file system;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– Logical Link layer;
– Netlink;
– Tomoyo security module;
(CVE-2024-26704, CVE-2023-52615, CVE-2024-26805, CVE-2023-52604,
CVE-2024-26614, CVE-2023-52602, CVE-2024-26635, CVE-2024-26622,
CVE-2023-52601, CVE-2024-26801)

Read More

USN-6773-1: .NET vulnerabilities

Read Time:20 Second

It was discovered that .NET did not properly handle memory in it’s
Double Parse routine. An attacker could possibly use this issue to
achieve remote code execution. (CVE-2024-30045)

It was discovered that .NET did not properly handle the usage of a
shared resource. An attacker could possibly use this to cause a dead-lock
condition, resulting in a denial of service. (CVE-2024-30046)

Read More