xen-4.17.4-1.fc39
x86: Native Branch History Injection [XSA-456, CVE-2024-2201]
update to xen 4.17.4, remove patches now included upstream
rebase xen.gcc12.fixes.patch
x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]
x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]
Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5.
This security and maintenance release features 2 bug fixes on Core, 12 bug fixes for the Block Editor, and 1 security fix.
Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 6.1 and later.
You can download WordPress 6.5.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic background updates, the update process will begin automatically.
WordPress 6.5.2 is a short-cycle release. The next major release will be version 6.6 and is currently planned for 16 July 2024.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.
This release was led by John Blackbourn, Isabel Brison, and Aaron Jorbin.
WordPress 6.5.2 would not have been possible without the contributions of the following people. Their asynchronous coordination to deliver maintenance and security fixes into a stable release is a testament to the power and capability of the WordPress community.
Aaron Jorbin, Aki Hamano, Andrei Draganescu, Artemio Morales, Caleb Burks, colind, Daniel Richards, Dominik Schilling, Fabian Kägy, George Mamadashvili, Greg Ziółkowski, Isabel Brison, Jb Audras, Joe McGill, John Blackbourn, Jonathan Desrosiers, Lovekesh Kumar, Matias Benedetto, Mukesh Panchal, Pascal Birchler, Peter Wilson, Sean Fisher, Sergey Biryukov, Scott Reilly
To get involved in WordPress core development, head over to Trac, pick a ticket, and join the conversation in the #core channel. Need help? Check out the Core Contributor Handbook.
Thanks to John Blackbourn, Ehtisham S., Jb Audras, and Angela Jin for proofreading.
xen-4.18.2-1.fc40
x86: Native Branch History Injection [XSA-456, CVE-2024-2201]
update to xen 4.18.2, remove patches now included upstream
x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]
x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]
USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete
resulting in a regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that X.Org X Server incorrectly handled certain data.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)
It was discovered that X.Org X Server incorrectly handled certain glyphs.
An attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083)
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe After Effects is a digital visual effects, motion graphics, and compositing application.
Adobe Photoshop is a raster graphics editor.
Adobe Commerce is a flexible and scalable commerce platform that lets you create personalized B2B and B2C experiences.
Adobe InDesign is a desktop publishing and page layout designing software application.
Adobe Experience Manager is an all-in-one software suite used for content and asset management.
Adobe Media Encoder is an audio/video media processing program that allows users to convert files into other types of files.
Adobe Bridge is used to preview, organize, edit, and publish assets.
Adobe Illustrator is a vector graphics editor and design software.
Adobe Animate is used to create vector graphics and interactive content.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
abseil-cpp-20240116.2-1.fc40
Update to 20240116.2: fixes possible out-of-bounds string access as described in https://github.com/abseil/abseil-cpp/pull/1650.
emacs-29.3-5.fc40
Select correct Emacs binary on X11.
Obsolete the newer emacs-nox now in F39, fixing system upgrades
New upstream release 29.3, fixes rhbz#2271287
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)
It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)
Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)
It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)
Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)
It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)
It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)
Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Architecture specifics;
– Cryptographic API;
– Android drivers;
– EDAC drivers;
– GPU drivers;
– Media drivers;
– MTD block device drivers;
– Network drivers;
– NVME drivers;
– TTY drivers;
– Userspace I/O drivers;
– F2FS file system;
– GFS2 file system;
– IPv6 Networking;
– AppArmor security module;
(CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443,
CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597,
CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469,
CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454,
CVE-2023-52436, CVE-2023-52438)
