FEDORA-2025-5ef10f8485

Packages in this update:

SDL2_sound-2.0.4-1.fc40

Update description:

Latest stable release from upstream. Changelog: https://github.com/icculus/SDL_sound/releases/tag/v2.0.4 . NOTE: dr_libs are unbundled.

Fixes:
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()

Read More

Wei Hao discovered that PowerDNS Authoritative Server incorrectly handled
memory when accessing certain files. An attacker could possibly use this
issue to achieve arbitrary code execution. (CVE-2018-1046)

It was discovered that PowerDNS Authoritative Server and PowerDNS Recursor
incorrectly handled memory when receiving certain remote input. An attacker
could possibly use this issue to cause denial of service. (CVE-2018-10851)

Kees Monshouwer discovered that PowerDNS Authoritative Server and PowerDNS
Recursor incorrectly handled request validation after having cached
malformed input. An attacker could possibly use this issue to cause denial
of service. (CVE-2018-14626)

Toshifumi Sakaguchi discovered that PowerDNS Recursor incorrectly handled
requests after having cached malformed input. An attacker could possibly
use this issue to cause denial of service. (CVE-2018-14644)

Nathaniel Ferguson discovered that PowerDNS Authoritative Server
incorrectly handled memory when receiving certain remote input. An attacker
could possibly use this issue to obtain sensitive information.
(CVE-2020-17482)

Nicolas Dehaine and Dmitry Shabanov discovered that PowerDNS Authoritative
Server and PowerDNS Recursor incorrectly handled IXFR requests in certain
circumstances. An attacker could possibly use this issue to cause denial of
service. (CVE-2022-27227)

Read More

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2025-01-14, 0 days ago. The vendor is given until 2025-05-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Read More

Several vulnerabilities were discovered in rsync, a fast, versatile,
remote (and local) file-copying tool.

CVE-2024-12084

Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a
heap-based buffer overflow vulnerability due to improper handling of
attacker-controlled checksum lengths. A remote attacker can take
advantage of this flaw for code execution.

CVE-2024-12085

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a flaw in
the way rsync compares file checksums, allowing a remote attacker to
trigger an information leak.

CVE-2024-12086

Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a flaw
which would result in a server leaking contents of an arbitrary file
from the client’s machine.

CVE-2024-12087

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a path
traversal vulnerability in the rsync daemon affecting the
–inc-recursive option, which could allow a server to write files
outside of the client’s intended destination directory.

CVE-2024-12088

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported that when
using the –safe-links option, rsync fails to properly verify if a
symbolic link destination contains another symbolic link with it,
resulting in path traversal and arbitrary file write outside of the
desired directory.

CVE-2024-12747

Aleksei Gorban “loqpa” discovered a race condition when handling
symbolic links resulting in an information leak which may enable
escalation of privileges.

https://security-tracker.debian.org/tracker/DSA-5843-1

Read More

Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS
responses. A remote attacker could use this issue to cause HPLIP to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Read More

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More

It was discovered that Roundcube incorrectly handled certain file-based
attachment plugins. An attacker could exploit this to gain unauthorized
access to arbitrary files on the host’s file system.

Read More

USN-6940-1 fixed vulnerabilities in snapd. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.

Original advisory details:

Neil McPhail discovered that snapd did not properly restrict writes to
the /home/jslarraz/bin path in the AppArmor profile for snaps using the home
plug. An attacker who could convince a user to install a malicious snap
could use this vulnerability to escape the snap sandbox. (CVE-2024-1724)

Zeyad Gouda discovered that snapd failed to properly check the file type
when extracting a snap. An attacker who could convince a user to install
a malicious snap containing non-regular files could then cause snapd to
block indefinitely while trying to read from such files and cause a
denial of service. (CVE-2024-29068)

Zeyad Gouda discovered that snapd failed to properly check the
destination of symbolic links when extracting a snap. An attacker who
could convince a user to install a malicious snap containing crafted
symbolic links could then cause snapd to write out the contents of the
symbolic link destination into a world-readable directory. This in-turn
could allow a local unprivileged user to gain access to privileged
information. (CVE-2024-29069)

Read More

It was discovered that Expat, contained within the xmltok library,
incorrectly handled malformed XML data. If a user or application were
tricked into opening a crafted XML file, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)

It was discovered that Expat, contained within the xmltok library,
incorrectly handled XML data containing a large number of colons, which
could lead to excessive resource consumption. If a user or application
were tricked into opening a crafted XML file, an attacker could possibly
use this issue to cause a denial of service. (CVE-2018-20843)

It was discovered that Expat, contained within the xmltok library,
incorrectly handled certain input, which could lead to an integer
overflow. If a user or application were tricked into opening a crafted XML
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-2886.

Read More