FEDORA-2024-4ab266b9ca
Packages in this update:
chromium-129.0.6668.100-1.fc40
Update description:
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
chromium-129.0.6668.100-1.fc40
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
chromium-129.0.6668.100-1.el9
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
yarnpkg-1.22.22-4.fc41
Update bundled elliptic to fix CVE-2024-48949.
yarnpkg-1.22.22-4.fc40
Update bundled elliptic to fix CVE-2024-48949.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI drivers;
– F2FS file system;
– BPF subsystem;
– IPv4 networking;
(CVE-2024-42228, CVE-2024-42154, CVE-2024-42160, CVE-2024-42159,
CVE-2024-41009, CVE-2024-42224)
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2024-45315.
This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-45316.
This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9766.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9730.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9729.