FEDORA-2024-e0057e6044
Packages in this update:
python-aiohttp-3.9.5-1.fc39
Update description:
Security update for CVE-2024-27306
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
python-aiohttp-3.9.5-1.fc40
python-openapi-core-0.19.1-3.fc40
Security update for CVE-2024-27306
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
It was discovered that Google Guest Agent and Google OS Config Agent incorrectly
handled certain JSON files. An attacker could possibly use this issue to
cause a denial of service.
USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused
Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled
in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected
and reinstated in this update.
We apologize for the inconvenience.
Original advisory details:
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)
Joshua Rogers discovered that Squid incorrectly handled Cache Manager error
responses. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-23638)
Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked
decoder. A remote attacker could possibly use this issue to cause Squid to
stop responding, resulting in a denial of service. (CVE-2024-25111)
Joshua Rogers discovered that Squid incorrectly handled HTTP header
parsing. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-25617)
golang-github-git-5-5.12.0-1.fc41
Automatic update for golang-github-git-5-5.12.0-1.fc41.
* Tue Apr 23 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 5.12.0-1
- Update to 5.12.0 - Closes rhbz#2214601 rhbz#2255090 rhbz#2259808
  rhbz#2259817 rhbz#2259827 rhbz#2259832
freerdp2-2.11.7-1.fc40
Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
freerdp-2.11.7-1.fc38
Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
freerdp-2.11.7-1.fc39
Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
chromium-124.0.6367.60-2.fc40
update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI