It was discovered that Unbound could take part in a denial of service
amplification attack known as DNSBomb. This update introduces certain
resource limits to make the impact from Unbound significantly lower.
Category Archives: Advisories
USN-6790-1: amavisd-new vulnerability
It was discovered that amavisd-new incorrectly handled certain MIME email
messages with multiple boundary parameters. A remote attacker could
possibly use this issue to bypass checks for banned files or malware.
USN-6789-1: LibreOffice vulnerability
Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled
graphic on-click bindings. If a user were tricked into clicking a graphic
in a specially crafted document, a remote attacker could possibly run
arbitrary script.
USN-6788-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
thunderbird-115.11.0-1.fc40
FEDORA-2024-7ade906120
Packages in this update:
thunderbird-115.11.0-1.fc40
Update description:
Update to 115.11.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
https://www.thunderbird.net/en-US/thunderbird/115.11.0/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/
USN-6786-1: Netatalk vulnerabilities
It was discovered that Netatalk did not properly protect an SMB and AFP
default configuration. A remote attacker could possibly use this issue to
execute arbitrary code.
ZDI-24-516: Progress Software WhatsUp Gold HttpContentActiveController Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-4562.
SEC Consult SA-20240527-0 :: Multiple vulnerabilities in HAWKI didactic interface
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27
SEC Consult Vulnerability Lab Security Advisory < 20240527-0 >
=======================================================================
title: Multiple vulnerabilities
product: HAWKI (Interaction Design Team at the University of Applied
Sciences and Arts in Hildesheim/Germany)
vulnerable version: 1.0.0-beta.1, versions before commit 146967f
fixed version: Github commit 146967f…
SEC Consult SA-20240524-0 :: Exposed Serial Shell on multiple PLCs in Siemens CP-XXXX Series
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27
SEC Consult Vulnerability Lab Security Advisory < 20240524-0 >
=======================================================================
title: Exposed Serial Shell on multiple PLCs
product: Siemens CP-XXXX Series (CP-2014, CP-2016, CP-2017, CP-2019, CP-5014)
vulnerable version: All hardware revisions
fixed version: Hardware is EOL, no fix
CVE number: –
impact: Low…
fcitx5-qt-5.1.6-2.fc40 python-pyqt6-6.7.0-2.fc40 qadwaitadecorations-0.1.5-3.fc40 qgnomeplatform-0.9.2-14.fc40 qt6-6.7.1-1.fc40 qt6-qt3d-6.7.1-1.fc40 qt6-qt5compat-6.7.1-1.fc40 qt6-qtbase-6.7.1-2.fc40 qt6-qtcharts-6.7.1-1.fc40 qt6-qtcoap-6.7.1-1.fc40 qt6-qtconnectivity-6.7.1-1.fc40 qt6-qtdatavis3d-6.7.1-1.fc40 qt6-qtdeclarative-6.7.1-2.fc40 qt6-qtgraphs-6.7.1-1.fc40 qt6-qtgrpc-6.7.1-1.fc40 qt6-qthttpserver-6.7.1-1.fc40 qt6-qtimageformats-6.7.1-1.fc40 qt6-qtlanguageserver-6.7.1-2.fc40 qt6-qtlocation-6.7.1-1.fc40 qt6-qtlottie-6.7.1-1.fc40 qt6-qtmqtt-6.7.1-1.fc40 qt6-qtmultimedia-6.7.1-1.fc40 qt6-qtnetworkauth-6.7.1-1.fc40 qt6-qtopcua-6.7.1-1.fc40 qt6-qtpositioning-6.7.1-1.fc40 qt6-qtquick3d-6.7.1-1.fc40 qt6-qtquick3dphysics-6.7.1-1.fc40 qt6-qtquicktimeline-6.7.1-1.fc40 qt6-qtremoteobjects-6.7.1-1.fc40 qt6-qtscxml-6.7.1-1.fc40 qt6-qtsensors-6.7.1-1.fc40 qt6-qtserialbus-6.7.1-1.fc40 qt6-qtserialport-6.7.1-1.fc40 qt6-qtshadertools-6.7.1-2.fc40 qt6-qtspeech-6.7.1-1.fc40 qt6-qtsvg-6.7.1-1.fc40 qt6-qttools-6.7.1-1.fc40 qt6-qttranslations-6.7.1-1.fc40 qt6-qtvirtualkeyboard-6.7.1-1.fc40 qt6-qtwayland-6.7.1-1.fc40 qt6-qtwebchannel-6.7.1-1.fc40 qt6-qtwebengine-6.7.1-1.fc40 qt6-qtwebsockets-6.7.1-1.fc40 qt6-qtwebview-6.7.1-1.fc40 zeal-0.7.0-10.fc40
FEDORA-2024-bfb8617ba3
Packages in this update:
fcitx5-qt-5.1.6-2.fc40
python-pyqt6-6.7.0-2.fc40
qadwaitadecorations-0.1.5-3.fc40
qgnomeplatform-0.9.2-14.fc40
qt6-6.7.1-1.fc40
qt6-qt3d-6.7.1-1.fc40
qt6-qt5compat-6.7.1-1.fc40
qt6-qtbase-6.7.1-2.fc40
qt6-qtcharts-6.7.1-1.fc40
qt6-qtcoap-6.7.1-1.fc40
qt6-qtconnectivity-6.7.1-1.fc40
qt6-qtdatavis3d-6.7.1-1.fc40
qt6-qtdeclarative-6.7.1-2.fc40
qt6-qtgraphs-6.7.1-1.fc40
qt6-qtgrpc-6.7.1-1.fc40
qt6-qthttpserver-6.7.1-1.fc40
qt6-qtimageformats-6.7.1-1.fc40
qt6-qtlanguageserver-6.7.1-2.fc40
qt6-qtlocation-6.7.1-1.fc40
qt6-qtlottie-6.7.1-1.fc40
qt6-qtmqtt-6.7.1-1.fc40
qt6-qtmultimedia-6.7.1-1.fc40
qt6-qtnetworkauth-6.7.1-1.fc40
qt6-qtopcua-6.7.1-1.fc40
qt6-qtpositioning-6.7.1-1.fc40
qt6-qtquick3d-6.7.1-1.fc40
qt6-qtquick3dphysics-6.7.1-1.fc40
qt6-qtquicktimeline-6.7.1-1.fc40
qt6-qtremoteobjects-6.7.1-1.fc40
qt6-qtscxml-6.7.1-1.fc40
qt6-qtsensors-6.7.1-1.fc40
qt6-qtserialbus-6.7.1-1.fc40
qt6-qtserialport-6.7.1-1.fc40
qt6-qtshadertools-6.7.1-2.fc40
qt6-qtspeech-6.7.1-1.fc40
qt6-qtsvg-6.7.1-1.fc40
qt6-qttools-6.7.1-1.fc40
qt6-qttranslations-6.7.1-1.fc40
qt6-qtvirtualkeyboard-6.7.1-1.fc40
qt6-qtwayland-6.7.1-1.fc40
qt6-qtwebchannel-6.7.1-1.fc40
qt6-qtwebengine-6.7.1-1.fc40
qt6-qtwebsockets-6.7.1-1.fc40
qt6-qtwebview-6.7.1-1.fc40
zeal-0.7.0-10.fc40
Update description:
Qt 6.7.1 bugfix update.