Category Archives: Advisories

clamav-1.0.6-1.el9

FEDORA-EPEL-2024-25c9732d41

Packages in this update:

clamav-1.0.6-1.el9

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occurred when scanning some PNG files.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1216

clamav-1.0.6-1.fc38

FEDORA-2024-92b8ac25a5

Packages in this update:

clamav-1.0.6-1.fc38

Update description:

ClamAV 1.0.6 is a critical patch release with the following fixes:

Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included PNG parser bug fixes.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1225

Fixed a bug causing some text to be truncated when converting from UTF-16.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1232

Fixed assorted complaints identified by Coverity static analysis.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1237

Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1240

Added the new ‘valhalla’ database name to the list of optional databases in preparation for future work.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1240

Silenced a warning “Unexpected early end-of-file” that occurred when scanning some PNG files.

GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/1216

USN-6754-1: nghttp2 vulnerabilities

It was discovered that nghttp2 incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
nghttp2 to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,
CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause nghttp2 to consume
resources, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number
of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this
issue to cause nghttp2 to consume resources, leading to a denial of
service. (CVE-2024-28182)

USN-6751-1: Zabbix vulnerabilities

It was discovered that Zabbix incorrectly handled input data in the
discovery and graphs pages. A remote authenticated attacker could possibly
use this issue to perform reflected cross-site scripting (XSS) attacks.
(CVE-2022-35229, CVE-2022-35230)

chromium-124.0.6367.78-1.el9

FEDORA-EPEL-2024-0c24da3136

Packages in this update:

chromium-124.0.6367.78-1.el9

Update description:

update to 124.0.6367.78

* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn

update to 124.0.6367.60

* High CVE-2024-3832: Object corruption in V8
* High CVE-2024-3833: Object corruption in WebAssembly
* High CVE-2024-3914: Use after free in V8
* High CVE-2024-3834: Use after free in Downloads
* Medium CVE-2024-3837: Use after free in QUIC
* Medium CVE-2024-3838: Inappropriate implementation in Autofill
* Medium CVE-2024-3839: Out of bounds read in Fonts
* Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
* Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
* Medium CVE-2024-3843: Insufficient data validation in Downloads
* Low CVE-2024-3844: Inappropriate implementation in Extensions
* Low CVE-2024-3845: Inappropriate implementation in Network
* Low CVE-2024-3846: Inappropriate implementation in Prompts
* Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

* High CVE-2024-3157: Out of bounds write in Compositing
* High CVE-2024-3516: Heap buffer overflow in ANGLE
* High CVE-2024-3515: Use after free in Dawn