Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD
incorrectly handled the handshake phase and the use of sequence numbers in SSH
Binary Packet Protocol (BPP). If a user or an automated system were tricked
into opening a specially crafted input file, a remote attacker could possibly
use this issue to bypass integrity checks.
USN-6744-1: Pillow vulnerability
Hugo van Kemenade discovered that Pillow was not properly performing
bounds checks when processing an ICC file, which could lead to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ICC file, an attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
sssd-2.9.4-7.fc41
FEDORA-2024-4e850a0f86
Packages in this update:
sssd-2.9.4-7.fc41
Update description:
Automatic update for sssd-2.9.4-7.fc41.
Changelog
* Fri Apr 19 2024 Pavel Březina <pbrezina@redhat.com> - 2.9.4-7
- Fix CVE-2023-3758 (rhbz#2275905)
sssd-2.9.4-7.fc40
FEDORA-2024-3798818c82
Packages in this update:
sssd-2.9.4-7.fc40
Update description:
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
sssd-2.9.4-2.fc39
FEDORA-2024-78240de990
Packages in this update:
sssd-2.9.4-2.fc39
Update description:
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
sssd-2.9.4-2.fc38
FEDORA-2024-44602bead8
Packages in this update:
sssd-2.9.4-2.fc38
Update description:
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
ZDI-24-369: Google cAdvisor REST API Improper Access Control Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Google cAdvisor. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3.
nextcloud-28.0.3-1.fc38
FEDORA-2024-c27e97ca79
Packages in this update:
nextcloud-28.0.3-1.fc38
Update description:
update to 28.0.3
fix CVE-2024-22403
DSA-5671-1 openjdk-11 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.
DSA-5670-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.