Hugo van Kemenade discovered that Pillow was not properly performing
bounds checks when processing an ICC file, which could lead to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ICC file, an attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
sssd-2.9.4-7.fc41
Automatic update for sssd-2.9.4-7.fc41.
* Fri Apr 19 2024 Pavel Březina <pbrezina@redhat.com> – 2.9.4-7
– Fix CVE-2023-3758 (rhbz#2275905)
sssd-2.9.4-7.fc40
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
sssd-2.9.4-2.fc39
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
sssd-2.9.4-2.fc38
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Google cAdvisor. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3.
nextcloud-28.0.3-1.fc38
update to 28.0.3
fix CVE-2024-22403
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
It was discovered that insufficient restriction of unix daemon sockets
in the GNU Guix functional package manager could result in sandbox
bypass.
