Category Archives: Advisories
python-pydantic-1.10.14-1.el9
FEDORA-EPEL-2024-3a714d30a3
Packages in this update:
python-pydantic-1.10.14-1.el9
Update description:
Security fix for CVE-2024-3772 (regular expression denial of service via crafted email string). Update to latest 1.10.x release: https://github.com/pydantic/pydantic/blob/v1.10.14/HISTORY.md
etcd-3.5.13-1.fc41
FEDORA-2024-cc8fcab025
Packages in this update:
etcd-3.5.13-1.fc41
Update description:
Automatic update for etcd-3.5.13-1.fc41.
Changelog
* Tue Apr 16 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 3.5.13-1
- Update to 3.5.13 - Closes rhbz#2225797 rhbz#2171486 rhbz#2170782
rhbz#2236640 rhbz#2243321 rhbz#2248266 rhbz#2251230
* Tue Apr 16 2024 Pete Zaitcev <zaitcev@kotori.zaitcev.us> - 3.5.11-1
- Update to 3.5.11
filezilla-3.67.0-1.fc38 libfilezilla-0.47.0-1.fc38
FEDORA-2024-0489e7ba1e
Packages in this update:
filezilla-3.67.0-1.fc38
libfilezilla-0.47.0-1.fc38
Update description:
Fix for CVE-2024-31497
filezilla-3.67.0-1.fc39 libfilezilla-0.47.0-1.fc39
FEDORA-2024-8401d42de6
Packages in this update:
filezilla-3.67.0-1.fc39
libfilezilla-0.47.0-1.fc39
Update description:
Fix for CVE-2024-31497
filezilla-3.67.0-1.fc40 libfilezilla-0.47.0-1.fc40
FEDORA-2024-ff9a2fb31c
Packages in this update:
filezilla-3.67.0-1.fc40
libfilezilla-0.47.0-1.fc40
Update description:
Fix for CVE-2024-31497
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
python-pydantic-1.10.14-2.fc38
FEDORA-2024-fc5dc50bb6
Packages in this update:
python-pydantic-1.10.14-2.fc38
Update description:
Security fix for CVE-2024-3772 (regular expression denial of service via crafted email string). Update to latest 1.10.x release: https://github.com/pydantic/pydantic/blob/v1.10.14/HISTORY.md
USN-6736-1: klibc vulnerabilities
It was discovered that zlib, vendored in klibc, incorrectly handled pointer
arithmetic. An attacker could use this issue to cause klibc to crash or to
possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)
Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled
memory when performing certain deflating operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code.
(CVE-2018-25032)
Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled
memory when performing certain inflate operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code.
(CVE-2022-37434)
USN-6735-1: Node.js vulnerabilities
It was discovered that Node.js incorrectly handled the use of invalid public
keys while creating an x509 certificate. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service. This issue only affected
Ubuntu 23.10. (CVE-2023-30588)
It was discovered that Node.js incorrectly handled the use of CRLF sequences to
delimit HTTP requests. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain unauthorised access. This issue only affected
Ubuntu 23.10. (CVE-2023-30589)
It was discovered that Node.js incorrectly described the generateKeys()
function in the documentation. This inconsistency could possibly lead to
security issues in applications that use these APIs.
(CVE-2023-30590)