Category Archives: Advisories

gdcm-3.0.23-5.fc39

Read Time:17 Second

FEDORA-2024-11821b16ac

Packages in this update:

gdcm-3.0.23-5.fc39

Update description:

Security fixes

TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

Replace deprecated PyEval_CallObject for compatibility with Python 3.13

Read More

gdcm-3.0.12-7.el9

Read Time:18 Second

FEDORA-EPEL-2024-f5884f808a

Packages in this update:

gdcm-3.0.12-7.el9

Update description:

Security fixes

TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

Replace deprecated PyEval_CallObject for compatibility with Python 3.13

Read More

gdcm-3.0.21-4.fc38

Read Time:17 Second

FEDORA-2024-7a57842ec3

Packages in this update:

gdcm-3.0.21-4.fc38

Update description:

Security fixes

TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

Replace deprecated PyEval_CallObject for compatibility with Python 3.13

Read More

gdcm-3.0.23-5.fc40

Read Time:17 Second

FEDORA-2024-fae33e6e9f

Packages in this update:

gdcm-3.0.23-5.fc40

Update description:

Security fixes

TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

Replace deprecated PyEval_CallObject for compatibility with Python 3.13

Read More

gdcm-3.0.23-5.fc41

Read Time:32 Second

FEDORA-2024-c5909efa5c

Packages in this update:

gdcm-3.0.23-5.fc41

Update description:

Automatic update for gdcm-3.0.23-5.fc41.

Changelog

* Fri Apr 26 2024 Sandro <devel@penguinpee.nl> – 3.0.23-5
– Apply security patches
– Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288)
– Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292)
– Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296)
* Fri Apr 19 2024 Sandro <devel@penguinpee.nl> – 3.0.23-4
– Replace deprecated PyEval_CallObject() (RHBZ#2245816)
* Fri Mar 22 2024 Sérgio M. Basto <sergio@serjux.com> – 3.0.23-3
– Update URL

Read More

ZDI-24-415: (Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21113.

Read More

ZDI-24-414: (Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21112.

Read More

ZDI-24-413: (Pwn2Own) Oracle VirtualBox DevVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21115.

Read More

ZDI-24-412: (Pwn2Own) Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21114.

Read More

ZDI-24-411: (Pwn2Own) Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21121.

Read More