This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23535.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23534.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-23532.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-23533.

Read More

Charles Fol discovered that the iconv() function in the GNU C library is
prone to a buffer overflow vulnerability when converting strings to the
ISO-2022-CN-EXT character set, which may lead to denial of service
(application crash) or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5673-1

Read More

FEDORA-EPEL-2024-b002585dd2

Packages in this update:

openssl3-3.2.1-1.1.el8

Update description:

Merge in changes from c9s’ openssl to pick up various CVE fixes and other bugfixes

Read More

FEDORA-2024-d67f9827b2

Packages in this update:

nextcloud-28.0.4-2.fc38

Update description:

Fix typo and 2 RPM build warnings

update to 28.0.3
fix CVE-2024-22403

Read More

FEDORA-FLATPAK-2024-57e9bcf6a3

Packages in this update:

firefox-flatpak-125.0.2-1

Update description:

Firefox 125.0 release. For details, see https://www.mozilla.org/en-US/firefox/125.0/releasenotes/

Please note that this update depends on the flatpak runtime update from https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2024-a3977e7532

Read More

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– JFS file system;
– BPF subsystem;
– Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)

Read More

FEDORA-FLATPAK-2024-a3977e7532

Packages in this update:

flatpak-runtime-f40-2
flatpak-sdk-f40-1

Update description:

Updated flatpak runtime and SDK, including latest Fedora 40 security and bug-fix errata.

In addition, this update also includes updated nss 3.99.0 that’s needed for upcoming firefox 125.0 update.

Read More