Read Time:9 Second
FEDORA-2024-010fe8772a
Packages in this update:
kernel-6.8.8-300.fc40
Update description:
The 6.8.8 stable kernel update contains a number of important fixes across the tree.
Category Archives: Advisories
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
Read Time:42 Second
What is the vulnerability? A zero-day security vulnerability has been uncovered in an enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being exploited in targeted attacks and has also been added to the CISA Known Exploited Vulnerabilities (KEV) list. The vulnerability allows unauthenticated remote attackers to read files from the file system outside of the VFS Sandbox, gain administrative access, and perform remote code execution on the server.What is the vendor Mitigation? According to the vendor advisory, CrushFTP versions prior to 10.7.1 and 11.1.0 are vulnerable to CVE-2024-4040 and being advised to immediately apply the patch. What FortiGuard Coverage is available? Endpoint vulnerability service is available to help detect vulnerable endpoints running the CrushFTP server application. FortiGuard Labs is further investigating for additional coverages.
gdcm-3.0.23-5.fc39
Read Time:17 Second
FEDORA-2024-11821b16ac
Packages in this update:
gdcm-3.0.23-5.fc39
Update description:
Security fixes
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Bug fixes
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.12-7.el9
Read Time:18 Second
FEDORA-EPEL-2024-f5884f808a
Packages in this update:
gdcm-3.0.12-7.el9
Update description:
Security fixes
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Bug fixes
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.21-4.fc38
Read Time:17 Second
FEDORA-2024-7a57842ec3
Packages in this update:
gdcm-3.0.21-4.fc38
Update description:
Security fixes
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Bug fixes
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.23-5.fc40
Read Time:17 Second
FEDORA-2024-fae33e6e9f
Packages in this update:
gdcm-3.0.23-5.fc40
Update description:
Security fixes
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Bug fixes
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.23-5.fc41
Read Time:32 Second
FEDORA-2024-c5909efa5c
Packages in this update:
gdcm-3.0.23-5.fc41
Update description:
Automatic update for gdcm-3.0.23-5.fc41.
Changelog
* Fri Apr 26 2024 Sandro <devel@penguinpee.nl> – 3.0.23-5
– Apply security patches
– Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288)
– Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292)
– Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296)
* Fri Apr 19 2024 Sandro <devel@penguinpee.nl> – 3.0.23-4
– Replace deprecated PyEval_CallObject() (RHBZ#2245816)
* Fri Mar 22 2024 Sérgio M. Basto <sergio@serjux.com> – 3.0.23-3
– Update URL
ZDI-24-415: (Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21113.
ZDI-24-414: (Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21112.
ZDI-24-413: (Pwn2Own) Oracle VirtualBox DevVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21115.