Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.
Category Archives: Advisories
chromium-124.0.6367.60-1.el9
FEDORA-EPEL-2024-2bf39e0ba4
Packages in this update:
chromium-124.0.6367.60-1.el9
Update description:
update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
update to 123.0.6312.122
High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn
DSA-5668-1 chromium – security update
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Akira Ransomware Attack
What is the Akira Ransomware Attack?
The Akira ransomware attack has actively and widely impacting businesses. According to CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secured VPN or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with .akira extension.
What is the recommended Mitigation?
Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.
What FortiGuard Coverage is available?
FortiGuard Labs has existing AV signatures (i.e. W64/Akira.C!tr.ransom) to block all the known malware variants used by Ransomware group and has blocked related IoCs via Web filtering service.
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
FEDORA-2024-d652859efb
Packages in this update:
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
Update description:
Update golang-gvisor to 20240408.0
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
FEDORA-2024-9cc0e0c63e
Packages in this update:
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
Update description:
Update golang-gvisor to 20240408.0
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
FEDORA-2024-80e062d21a
Packages in this update:
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
Update description:
Update golang-gvisor to 20240408.0
python-reportlab-4.2.0-1.fc39
FEDORA-2024-6ec4e78241
Packages in this update:
python-reportlab-4.2.0-1.fc39
Update description:
Release 4.2.0
python-reportlab-4.2.0-1.fc40
FEDORA-2024-dc844d0669
Packages in this update:
python-reportlab-4.2.0-1.fc40
Update description:
Release 4.2.0
USN-6743-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– JFS file system;
– BPF subsystem;
– Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)