This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9735.
Category Archives: Advisories
ZDI-24-1364: Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9744.
ZDI-24-1363: Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9751.
ZDI-24-1362: Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9764.
firefox-flatpak-131.0.2-2
FEDORA-FLATPAK-2024-bf3f610e04
Packages in this update:
firefox-flatpak-131.0.2-2
Update description:
Update to 131.0.2
kernel-6.11.3-300.fc41 kernel-headers-6.11.3-300.fc41
FEDORA-2024-b8b5224019
Packages in this update:
kernel-6.11.3-300.fc41
kernel-headers-6.11.3-300.fc41
Update description:
The 6.11.3 stable kernel update contains a number of important bugfixes across the tree.
rust-hyper-rustls-0.27.3-1.fc39 rust-reqwest-0.12.8-1.fc39 rust-rustls-native-certs-0.8.0-1.fc39 rust-rustls-native-certs0.7-0.7.3-1.fc39 rust-tonic-0.12.3-1.fc39 rust-tonic-build-0.12.3-1.fc39 rust-tonic-types-0.12.3-1.fc39 rust-tower-0.5.1-1.fc39 rust-tower-http-0.6.1-1.fc39 rust-tower-http0.5-0.5.2-1.fc39 rust-tower0.4-0.4.13-1.fc39
FEDORA-2024-ff98facbc6
Packages in this update:
rust-hyper-rustls-0.27.3-1.fc39
rust-reqwest-0.12.8-1.fc39
rust-rustls-native-certs0.7-0.7.3-1.fc39
rust-rustls-native-certs-0.8.0-1.fc39
rust-tonic-0.12.3-1.fc39
rust-tonic-build-0.12.3-1.fc39
rust-tonic-types-0.12.3-1.fc39
rust-tower0.4-0.4.13-1.fc39
rust-tower-0.5.1-1.fc39
rust-tower-http0.5-0.5.2-1.fc39
rust-tower-http-0.6.1-1.fc39
Update description:
Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version 0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.
rust-hyper-rustls-0.27.3-1.fc40 rust-reqwest-0.12.8-1.fc40 rust-rustls-native-certs-0.8.0-1.fc40 rust-rustls-native-certs0.7-0.7.3-1.fc40 rust-tonic-0.12.3-1.fc40 rust-tonic-build-0.12.3-1.fc40 rust-tonic-types-0.12.3-1.fc40 rust-tower-0.5.1-1.fc40 rust-tower-http-0.6.1-1.fc40 rust-tower-http0.5-0.5.2-1.fc40 rust-tower0.4-0.4.13-1.fc40
FEDORA-2024-bf524bf5c0
Packages in this update:
rust-hyper-rustls-0.27.3-1.fc40
rust-reqwest-0.12.8-1.fc40
rust-rustls-native-certs0.7-0.7.3-1.fc40
rust-rustls-native-certs-0.8.0-1.fc40
rust-tonic-0.12.3-1.fc40
rust-tonic-build-0.12.3-1.fc40
rust-tonic-types-0.12.3-1.fc40
rust-tower0.4-0.4.13-1.fc40
rust-tower-0.5.1-1.fc40
rust-tower-http0.5-0.5.2-1.fc40
rust-tower-http-0.6.1-1.fc40
Update description:
Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version 0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.
rust-hyper-rustls-0.27.3-1.fc41 rust-reqwest-0.12.8-1.fc41 rust-rustls-native-certs-0.8.0-1.fc41 rust-rustls-native-certs0.7-0.7.3-1.fc41 rust-tonic-0.12.3-1.fc41 rust-tonic-build-0.12.3-1.fc41 rust-tonic-types-0.12.3-1.fc41 rust-tower-0.5.1-1.fc41 rust-tower-http-0.6.1-1.fc41 rust-tower-http0.5-0.5.2-1.fc41 rust-tower0.4-0.4.13-1.fc41
FEDORA-2024-347164df1c
Packages in this update:
rust-hyper-rustls-0.27.3-1.fc41
rust-reqwest-0.12.8-1.fc41
rust-rustls-native-certs0.7-0.7.3-1.fc41
rust-rustls-native-certs-0.8.0-1.fc41
rust-tonic-0.12.3-1.fc41
rust-tonic-build-0.12.3-1.fc41
rust-tonic-types-0.12.3-1.fc41
rust-tower0.4-0.4.13-1.fc41
rust-tower-0.5.1-1.fc41
rust-tower-http0.5-0.5.2-1.fc41
rust-tower-http-0.6.1-1.fc41
Update description:
Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version 0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.
rust-hyper-rustls-0.27.3-1.fc42 rust-reqwest-0.12.8-1.fc42 rust-rustls-native-certs-0.8.0-1.fc42 rust-rustls-native-certs0.7-0.7.3-1.fc42 rust-tonic-0.12.3-1.fc42 rust-tonic-build-0.12.3-1.fc42 rust-tonic-types-0.12.3-1.fc42 rust-tower-0.5.1-1.fc42 rust-tower-http-0.6.1-1.fc42 rust-tower-http0.5-0.5.2-1.fc42 rust-tower0.4-0.4.13-1.fc42
FEDORA-2024-04061a7ae3
Packages in this update:
rust-hyper-rustls-0.27.3-1.fc42
rust-reqwest-0.12.8-1.fc42
rust-rustls-native-certs0.7-0.7.3-1.fc42
rust-rustls-native-certs-0.8.0-1.fc42
rust-tonic-0.12.3-1.fc42
rust-tonic-build-0.12.3-1.fc42
rust-tonic-types-0.12.3-1.fc42
rust-tower0.4-0.4.13-1.fc42
rust-tower-0.5.1-1.fc42
rust-tower-http0.5-0.5.2-1.fc42
rust-tower-http-0.6.1-1.fc42
Update description:
Update the hyper-rustls crate to version 0.27.3.
Update the reqwest crate to version 0.12.8.
Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.
Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.
Update the tower crate to version 0.5.1 and add a compat package for version 0.4.
Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.