Damien Schaeffer discovered that Firefox did not properly manage memory in
the content process when handling Animation timelines, leading to a use
after free vulnerability. An attacker could possibly use this issue to
achieve remote code execution.
Category Archives: Advisories
DSA-5792-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-40866
Hafiizh and YoKo Kho discovered that visiting a malicious website
may lead to address bar spoofing.
CVE-2024-44187
Narendra Bhati discovered that a malicious website may exfiltrate
data cross-origin.
DSA-5791-1 python-reportlab – security update
Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python
library to create PDF documents, could be bypassed which may result in
the execution of arbitrary code when converting malformed HTML to a PDF
document.
DSA-5790-1 node-dompurify – security update
It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was
susceptible to nesting-based mXSS.
Secure Custom Fields
On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced Custom Fields (ACF) into a new plugin, Secure Custom Fields. SCF has been updated to remove commercial upsells and fix a security problem.
On October 3rd, the ACF team announced ACF plugin updates will come directly from their website. This was also communicated via a support notice in the WordPress.org support forum on Oct 5th. Sites that followed the ACF team’s instructions on “How to update ACF” will continue to get updates directly from WP Engine. On October 1st, 2024, WP Engine also deployed its own solution for updates and installations for plugins and themes across their customers’ sites in place of WordPress.org’s update service.
Sites that continue to use WordPress.org’s update service and have not chosen to switch to ACF updates from WP Engine can click to update to switch to Secure Custom Fields. Where sites have chosen to have plugin auto-updates from WordPress.org enabled, this update process will auto-switch them from Advanced Custom Fields to Secure Custom Fields.
This update is as minimal as possible to fix the security issue. Going forward, Secure Custom Fields is now a non-commercial plugin, and if any developers want to get involved in maintaining and improving it, please get in touch.
Similar has happened before, but not at this scale. This is a rare and unusual situation brought on by WP Engine’s legal attacks, we do not anticipate this happening for other plugins.
WP Engine has posted instructions for how to use their version of Advanced Custom Fields that uses their own update server, so you have that option, though the WordPress Security Team does not recommend it until they fix the security issues. You can uninstall Advanced Custom Fields and activate Secure Custom Fields from the plugin directory and be just fine.
There is separate, but not directly related news that Jason Bahl has left WP Engine to work for Automattic and will be making WPGraphQL a canonical community plugin. We expect others will defect as well.
DSA-5789-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
edk2-20240813-2.fc40
FEDORA-2024-45df72afc6
Packages in this update:
edk2-20240813-2.fc40
Update description:
Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys)
edk2-20240813-2.fc41
FEDORA-2024-9cc95d56ce
Packages in this update:
edk2-20240813-2.fc41
Update description:
Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys)
USN-7063-1: Ubuntu Advantage Desktop Daemon vulnerability
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon leaked
the Pro token to unprivileged users by passing the token as an argument
in plaintext. An attacker could use this issue to gain unauthorized access
to an Ubuntu Pro subscription. (CVE-2024-6388)
glibc-2.38-19.fc39
FEDORA-2024-df41d584d0
Packages in this update:
glibc-2.38-19.fc39
Update description:
Auto-sync with upstream branch release/2.38/master
Add BuildRequires:gzip for compressed character maps and info files.
Upstream commit: 4dd8641461463b667b5503ab0ea4abcf261378a9
Add crt1-2.0.o for glibc 2.0 compatibility tests
libio: Attempt wide backup free only for non-legacy code
nptl: Use <support/check.h> facilities in tst-setuid3
posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64
ungetc: Fix backup buffer leak on program exit [BZ #27821]
ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
Make tst-ungetc use libsupport
stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
support: Add FAIL test failure helper
x86: Fix bug in strchrnul-evex512 [BZ #32078]
Fix name space violation in fortify wrappers (bug 32052)
resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
Update syscall lists for Linux 6.5
Add mremap tests
mremap: Update manual entry
linux: Update the mremap C implementation [BZ #31968]
resolv: Track single-request fallback via _res._flags (bug 31476)
resolv: Do not wait for non-existing second DNS response after error (bug 30081)
resolv: Allow short error responses to match any query (bug 31890)
Linux: Make __rseq_size useful for feature detection (bug 31965)
elf: Make dl-rseq-symbols Linux only
nptl: fix potential merge of __rseq_* relro symbols
s390x: Fix segfault in wcsncmp [BZ #31934]
misc: Add support for Linux uio.h RWF_NOAPPEND flag
i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782)
Force DT_RPATH for –enable-hardcoded-path-in-tests
resolv: Fix some unaligned accesses in resolver [BZ #30750]
nscd: Use time_t for return type of addgetnetgrentX
elf: Also compile dl-misc.os with $(rtld-early-cflags)
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
i386: ulp update for SSE2 –disable-multi-arch configurations
nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
login: Check default sizes of structs utmp, utmpx, lastlog
sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574)