Gergo Koteles discovered that sandbox restrictions in Flatpak, an
application deployment framework for desktop apps, could be bypassed in
combination with xdg-desktop-portal.
Category Archives: Advisories
DSA-5667-1 tomcat9 – security update
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
CVE-2023-46589
Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header
that exceeded the header size limit could cause Tomcat to treat a single
request as multiple requests, leading to the possibility of request
smuggling when Tomcat is deployed behind a reverse proxy.
CVE-2024-24549
Denial of service due to an improper input validation vulnerability in
HTTP/2 handling. When processing an HTTP/2 request, if the request exceeded any of
the configured limits for headers, the associated HTTP/2 stream was not
reset until after all of the headers had been processed.
CVE-2024-23672
Denial of service via an incomplete cleanup vulnerability. It was possible
for WebSocket clients to keep WebSocket connections open, leading to
increased resource consumption on the server.
chromium-124.0.6367.60-1.fc38
FEDORA-2024-5d8f4f86b0
Packages in this update:
chromium-124.0.6367.60-1.fc38
Update description:
update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
chromium-124.0.6367.60-2.fc39
FEDORA-2024-12edb9dec8
Packages in this update:
chromium-124.0.6367.60-2.fc39
Update description:
update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
python-idna-3.7-1.fc38
FEDORA-2024-73644489ec
Packages in this update:
python-idna-3.7-1.fc38
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
python-idna-3.7-1.fc39
FEDORA-2024-9176fdb518
Packages in this update:
python-idna-3.7-1.fc39
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
USN-6737-1: GNU C Library vulnerability
Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code.
glibc-2.37-19.fc38
FEDORA-2024-f7ae5df88d
Packages in this update:
glibc-2.37-19.fc38
Update description:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.
glibc-2.38-18.fc39
FEDORA-2024-9be1b94714
Packages in this update:
glibc-2.38-18.fc39
Update description:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.
python-idna-3.7-1.fc40
FEDORA-2024-098b5d9719
Packages in this update:
python-idna-3.7-1.fc40
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651