FEDORA-2024-d85c1f7450
Packages in this update:
putty-0.81-1.fc40
Update description:
Security fix for CVE-2024-31497.
Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero-length data requests, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)
It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)
It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)
Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Architecture specifics;
– Cryptographic API;
– Android drivers;
– EDAC drivers;
– GPU drivers;
– Media drivers;
– MTD block device drivers;
– Network drivers;
– NVME drivers;
– TTY drivers;
– Userspace I/O drivers;
– F2FS file system;
– GFS2 file system;
– IPv6 Networking;
– AppArmor security module;
(CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443,
CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597,
CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469,
CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454,
CVE-2023-52436, CVE-2023-52438)
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for remote code execution. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
grub2-2.06-118.fc38
Security fix for CVE-2023-4692
Security fix for CVE-2023-4693
Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com – 2.06-118
fs/xfs: Handle non-continuous data blocks in directory extents
Related: #2254370
Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com – 2.06-117
GRUB2 NTFS driver vulnerabilities
(CVE-2023-4692)
(CVE-2023-4693)
Resolves: #2236613
Resolves: #2241978
Resolves: #2241976
Resolves: #2238343
grub2-2.06-120.fc39
Security fix for CVE-2023-4692
Security fix for CVE-2023-4693
Fri Apr 12 2024 Nicolas Frayer nfrayer@redhat.com – 2.06-120
fs/xfs: Handle non-continuous data blocks in directory extents
Related: #2254370
Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com – 2.06-119
GRUB2 NTFS driver vulnerabilities
(CVE-2023-4692)
(CVE-2023-4693)
Resolves: #2236613
Resolves: #2241978
Resolves: #2241976
Resolves: #2238343
grub2-2.06-121.fc40
Security fix for CVE-2023-4692
Security fix for CVE-2023-4693
Fri Apr 12 2024 Nicolas Frayer nfrayer@redhat.com – 2.06-121
fs/xfs: Handle non-continuous data blocks in directory extents
Related: #2254370
Fri Mar 08 2024 Nicolas Frayer nfrayer@redhat.com – 2.06-120
GRUB2 NTFS driver vulnerabilities
(CVE-2023-4692)
(CVE-2023-4693)
Resolves: #2236613
Resolves: #2241978
Resolves: #2241976
Resolves: #2238343
freerdp-3.5.0-1.fc40
Update to 3.5.0 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
squid-6.9-1.fc39
New squid 6.9
security update
squid-6.9-1.fc38
New squid 6.9
security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or clickjacking.