doctl-1.120.0-1.fc42
Automatic update for doctl-1.120.0-1.fc42.
* Sun Dec 15 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.120.0-1
– Update to 1.120.0 – Closes rhbz#2272525 rhbz#2292680 rhbz#2294002
rhbz#2331944 rhbz#2331970
Multiple multiple vulnerabilities were discovered in plugins for the
GStreamer media framework and its codecs and demuxers, which may result
in denial of service or potentially the execution of arbitrary code if
a malformed media file is opened.
USN-7157-1 fixed vulnerabilities in PHP. The patch for
CVE-2024-8932 caused a regression in php7.4. This
update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled certain inputs when
processed with convert.quoted-printable decode filters.
An attacker could possibly use this issue to expose sensitive
information or cause a crash. (CVE-2024-11233)
It was discovered that PHP incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to performing arbitrary
HTTP requests originating from the server, thus potentially
gaining access to resources not normally available to the external
user. (CVE-2024-11234)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11236, CVE-2024-8932)
It was discovered that PHP incorrectly handled certain MySQL requests.
An attacker could possibly use this issue to cause the client to
disclose the content of its heap containing data from other SQL requests
and possible other data belonging to different users of the same server.
(CVE-2024-8929)
It was discovered that PHP incorrectly handled certain inputs when
processed with convert.quoted-printable decode filters.
An attacker could possibly use this issue to expose sensitive
information or cause a crash. (CVE-2024-11233)
It was discovered that PHP incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to performing arbitrary
HTTP requests originating from the server, thus potentially
gaining access to resources not normally available to the external
user. (CVE-2024-11234)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11236, CVE-2024-8932)
It was discovered that PHP incorrectly handled certain MySQL requests.
An attacker could possibly use this issue to cause the client to
disclose the content of its heap containing data from other SQL requests
and possible other data belonging to different users of the same server.
(CVE-2024-8929)
mingw-directxmath-3.20-1.fc41
mingw-gstreamer1-1.24.10-1.fc41
mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc41
mingw-gstreamer1-plugins-base-1.24.10-1.fc41
mingw-gstreamer1-plugins-good-1.24.10-1.fc41
Update to gstreamer-1.24.10, fixes multiple CVEs.
mingw-directxmath-3.20-1.fc40
mingw-gstreamer1-1.24.10-1.fc40
mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc40
mingw-gstreamer1-plugins-base-1.24.10-1.fc40
mingw-gstreamer1-plugins-good-1.24.10-1.fc40
mingw-orc-0.4.40-1.fc40
Update to 1.24.10, fixes multiple CVEs.
curl-8.9.1-3.fc41
fix HSTS subdomain overwrites parent cache entry (CVE-2024-9681)
What are the Vulnerabilities?Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) that could lead to privilege escalation and code execution. More details below:CVE-2024-11639, CVSS: 10.0 (Maximum Severity), authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access CVE-2024-11772, CVSS: 9.1 (Critical): Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. CVE-2024-11773, CVSS: 9.1 (Critical): SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. What is the recommended Mitigation?Ivanti has released updates for Ivanti Cloud Services Application which addresses the vulnerabilities. Ivanti Advisory | Learn moreCurrently, there is no known public exploitation of these vulnerabilities, as per the vendor.What FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor and follow instructions as mentioned on the vendor’s advisory. FortiGuard IPS protection coverage is under review, and this report will be updated as new coverage becomes available.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
golang-x-crypto-0.31.0-2.fc40
Fix CVE-2024-45337
