Category Archives: Advisories

et-6.2.8-1.fc39

Read Time:11 Second

FEDORA-2024-94a155818c

Packages in this update:

et-6.2.8-1.fc39

Update description:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258

Unbundle cpp-httlib, fixing CVE-2023-26130

Read More

USN-6760-1: Gerbv vulnerability

Read Time:15 Second

George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did
not properly initialize a data structure when parsing certain nested
RS-274X format files. If a user were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service (application crash).

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:26 Second

Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

LSN-0103-1: Kernel Live Patch Security Notice

Read Time:1 Minute, 37 Second

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory).(CVE-2023-4569)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)

In the Linux kernel, the following vulnerability has been
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable
rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-
bounds read when parsing the netlink attributes. (CVE-2024-26597)

Read More

USN-6758-1: JSON5 vulnerability

Read Time:18 Second

It was discovered that the JSON5 parse method incorrectly handled the parsing
of keys named __proto__. An attacker could possibly use this issue to pollute
the prototype of the returned object, setting arbitrary or unexpected keys, and
cause a denial of service, allow unintended access to network services or have
other unspecified impact, depending on the application’s use of the module.

Read More

chromium-124.0.6367.91-1.fc40

Read Time:17 Second

FEDORA-2024-0539d2c8b0

Packages in this update:

chromium-124.0.6367.91-1.fc40

Update description:

update to 124.0.6367.91

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn

Read More

chromium-124.0.6367.91-1.el9

Read Time:1 Minute, 6 Second

FEDORA-EPEL-2024-68b6d0dafe

Packages in this update:

chromium-124.0.6367.91-1.el9

Update description:

update to 124.0.6367.91

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn

Read More