Category Archives: Advisories

Advisories

USN-7018-1: OpenSSL vulnerabilities

Read Time:1 Minute, 5 Second

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky
discovered that certain Diffie-Hellman ciphersuites in the TLS
specification and implemented by OpenSSL contained a flaw. A remote
attacker could possibly use this issue to eavesdrop on encrypted
communications. This was fixed in this update by removing the insecure
ciphersuites from OpenSSL. (CVE-2020-1968)

Paul Kehrer discovered that OpenSSL incorrectly handled certain input
lengths in EVP functions. A remote attacker could possibly use this issue
to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2021-23840)

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the
c_rehash script. A local attacker could possibly use this issue to execute
arbitrary commands when c_rehash is run. (CVE-2022-2068)

It was discovered that OpenSSL incorrectly handled excessively large
Diffie-Hellman parameters. An attacker could possibly use this issue
to cause a denial of service. (CVE-2023-3446)

Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)

Read More

Advisories

USN-7000-2: Expat vulnerabilities

Read Time:31 Second

USN-7000-1 fixed vulnerabilities in Expat. This update
provides the corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat did not properly handle the
potential for an integer overflow on 32-bit platforms. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45491, CVE-2024-45492)

Read More

Advisories

USN-7001-2: xmltok library vulnerabilities

Read Time:34 Second

USN-7001-1 fixed vulnerabilities in xmltol library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)

Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)

Read More

Advisories

chisel-1.10.0-1.fc42

Read Time:19 Second

FEDORA-2024-37a2b3fac5

Packages in this update:

chisel-1.10.0-1.fc42

Update description:

Automatic update for chisel-1.10.0-1.fc42.

Changelog

* Tue Sep 17 2024 Fabian Affolter <mail@fabian-affolter.ch> – 1.10.0-1
– Update to new upstream version (closes rhbz#2303131)
– Set version (closes rhbz#2265825)
– Fix CVE-2024-43798 (closes rhbz#2308435, closes rhbz#2308436)

Read More

Advisories

USN-7011-2: ClamAV vulnerabilities

Read Time:27 Second

USN-7011-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)

It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)

Read More