This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-23532.
Category Archives: Advisories
ZDI-24-377: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-23533.
DSA-5673-1 glibc – security update
Charles Fol discovered that the iconv() function in the GNU C library is
prone to a buffer overflow vulnerability when converting strings to the
ISO-2022-CN-EXT character set, which may lead to denial of service
(application crash) or the execution of arbitrary code.
openssl3-3.2.1-1.1.el8
FEDORA-EPEL-2024-b002585dd2
Packages in this update:
openssl3-3.2.1-1.1.el8
Update description:
Merge in changes from c9s’ openssl to pick up various CVE fixes and other bugfixes
nextcloud-28.0.4-2.fc38
FEDORA-2024-d67f9827b2
Packages in this update:
nextcloud-28.0.4-2.fc38
Update description:
Fix typo and 2 RPM build warnings
update to 28.0.3
fix CVE-2024-22403
firefox-flatpak-125.0.2-1
FEDORA-FLATPAK-2024-57e9bcf6a3
Packages in this update:
firefox-flatpak-125.0.2-1
Update description:
Firefox 125.0 release. For details, see https://www.mozilla.org/en-US/firefox/125.0/releasenotes/
Please note that this update depends on the flatpak runtime update from https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2024-a3977e7532
USN-6743-2: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– JFS file system;
– BPF subsystem;
– Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
flatpak-runtime-f40-2 flatpak-sdk-f40-1
FEDORA-FLATPAK-2024-a3977e7532
Packages in this update:
flatpak-runtime-f40-2
flatpak-sdk-f40-1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 40 security and bug-fix errata.
In addition, this update also includes updated nss 3.99.0 that’s needed for upcoming firefox 125.0 update.
thunderbird-115.10.1-1.fc39
FEDORA-2024-3c48fb76ea
Packages in this update:
thunderbird-115.10.1-1.fc39
Update description:
Update to 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
Update to 115.10.0
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
thunderbird-115.10.1-1.fc38
FEDORA-2024-d9f71e759e
Packages in this update:
thunderbird-115.10.1-1.fc38
Update description:
Update to 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
Update to 115.10.0
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/