Read Time:7 Second
FEDORA-2024-43ea98691e
Packages in this update:
flatpak-1.15.8-1.fc40
Update description:
Update to 1.15.8
Fixes CVE-2024-32462
Category Archives: Advisories
ZDI-24-368: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-50186.
DSA-5666-1 flatpak – security update
Read Time:10 Second
Gergo Koteles discovered that sandbox restrictions in Flatpak, an
application deployment framework for desktop apps, could by bypassed in
combination with xdg-desktop-portal.
DSA-5667-1 tomcat9 – security update
Read Time:42 Second
Several security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.
CVE-2023-46589
Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header
that exceeded the header size limit could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
CVE-2024-24549
Denial of Service due to improper input validation vulnerability for
HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
the configured limits for headers, the associated HTTP/2 stream was not
reset until after all of the headers had been processed.
CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability. It was possible
for WebSocket clients to keep WebSocket connections open leading to
increased resource consumption.
chromium-124.0.6367.60-1.fc38
Read Time:44 Second
FEDORA-2024-5d8f4f86b0
Packages in this update:
chromium-124.0.6367.60-1.fc38
Update description:
update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
chromium-124.0.6367.60-2.fc39
Read Time:44 Second
FEDORA-2024-12edb9dec8
Packages in this update:
chromium-124.0.6367.60-2.fc39
Update description:
update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
python-idna-3.7-1.fc38
Read Time:8 Second
FEDORA-2024-73644489ec
Packages in this update:
python-idna-3.7-1.fc38
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
python-idna-3.7-1.fc39
Read Time:8 Second
FEDORA-2024-9176fdb518
Packages in this update:
python-idna-3.7-1.fc39
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
USN-6737-1: GNU C Library vulnerability
Read Time:12 Second
Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code.
glibc-2.37-19.fc38
Read Time:10 Second
FEDORA-2024-f7ae5df88d
Packages in this update:
glibc-2.37-19.fc38
Update description:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.