Read Time:6 Second
FEDORA-2024-121f5cec9f
Packages in this update:
firefox-125.0-1.fc39
Update description:
New upstream release (125.0)
Category Archives: Advisories
firefox-125.0-1.fc38
Read Time:6 Second
FEDORA-2024-966e16bfa3
Packages in this update:
firefox-125.0-1.fc38
Update description:
New upstream release (125.0)
firefox-125.0-1.fc40
Read Time:6 Second
FEDORA-2024-c6a1d4e0ec
Packages in this update:
firefox-125.0-1.fc40
Update description:
New upstream release (125.0)
DSA-5662-1 apache2 – security update
Read Time:9 Second
Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in HTTP response splitting or denial of service.
DSA-5655-2 cockpit – regression update
Read Time:12 Second
The update of cockpit released in DSA 5655-1 did not correctly built
binary packages due to unit test failures when building against libssh
0.10.6. This update corrects that problem.
USN-6734-1: libvirt vulnerabilities
Read Time:29 Second
Alexander Kuznetsov discovered that libvirt incorrectly handled certain API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-1441)
It was discovered that libvirt incorrectly handled certain RPC library API
calls. An attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2024-2494)
It was discovered that libvirt incorrectly handled detaching certain host
interfaces. An attacker could possibly use this issue to cause libvirt to
crash, resulting in a denial of service. (CVE-2024-2496)
USN-6733-1: GnuTLS vulnerabilities
Read Time:23 Second
It was discovered that GnuTLS had a timing side-channel when performing
certain ECDSA operations. A remote attacker could possibly use this issue
to recover sensitive information. (CVE-2024-28834)
It was discovered that GnuTLS incorrectly handled verifying certain PEM
bundles. A remote attacker could possibly use this issue to cause GnuTLS to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 23.10. (CVE-2024-28835)
USN-6732-1: WebKitGTK vulnerabilities
Read Time:15 Second
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
USN-6731-1: YARD vulnerabilities
Read Time:36 Second
It was discovered that YARD before 0.9.11 does not block relative paths
with an initial ../ sequence, which allows attackers to conduct
directory traversal attacks and read arbitrary files. This issue only
affected Ubuntu 16.04 LTS. (CVE-2017-17042)
It was discovered that yard before 0.9.20 is affected by a path
traversal vulnerability, allowing HTTP requests to access arbitrary
files under certain conditions. This issue only affected Ubuntu 18.04
LTS. (CVE-2019-1020001)
Aviv Keller discovered that the “frames.html” file within the Yard
Doc’s generated documentation is vulnerable to Cross-Site Scripting
(XSS) attacks due to inadequate sanitization of user input within the
JavaScript segment of the “frames.erb” template file. (CVE-2024-27285)
ZDI-24-367: (Pwn2Own) Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-3159.