A vulnerability has been discovered in PAN-OS that could allow for arbitrary code execution. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the root user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Category Archives: Advisories
curl-8.2.1-5.fc39
FEDORA-2024-6dab59bd47
Packages in this update:
curl-8.2.1-5.fc39
Update description:
Fix usage of disabled protocol (CVE-2024-2004)
Fix HTTP/2 push headers memory leak (CVE-2024-2398)
python-pycryptodomex-3.20.0-1.el9
FEDORA-EPEL-2024-5fc8709aa5
Packages in this update:
python-pycryptodomex-3.20.0-1.el9
Update description:
CVE-2023-52323
llhttp-9.2.1-1.el9 python-aiohttp-3.9.3-2.el9
FEDORA-EPEL-2024-ce142428af
Packages in this update:
llhttp-9.2.1-1.el9
python-aiohttp-3.9.3-2.el9
Update description:
Update llhttp to 9.2.1, fixing CVE-2024-27982.
Additionally, llhttp 9.2.0 contained a number of bug fixes.
Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
DSA-5657-1 xorg-server – security update
Several vulnerabilities were discovered in the Xorg X server, which may
result in privilege escalation if the X server is running privileged,
or in denial of service.
USN-6730-1: Apache Maven Shared Utils vulnerability
It was discovered that Apache Maven Shared Utils did not handle double-quoted
strings properly, allowing shell injection attacks. This could allow an
attacker to run arbitrary code.
llhttp-9.2.1-1.fc39 python-aiohttp-3.9.3-3.fc39 uxplay-1.68.2-3.fc39
FEDORA-2024-f83b123d63
Packages in this update:
llhttp-9.2.1-1.fc39
python-aiohttp-3.9.3-3.fc39
uxplay-1.68.2-3.fc39
Update description:
Update llhttp to 9.2.1, fixing CVE-2024-27982.
Additionally, llhttp 9.2.0 contained a number of bug fixes.
Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
llhttp-9.2.1-1.fc38 python-aiohttp-3.9.3-3.fc38 uxplay-1.68.2-3.fc38
FEDORA-2024-5dc487ee89
Packages in this update:
llhttp-9.2.1-1.fc38
python-aiohttp-3.9.3-3.fc38
uxplay-1.68.2-3.fc38
Update description:
Update llhttp to 9.2.1, fixing CVE-2024-27982.
Additionally, llhttp 9.2.0 contained a number of bug fixes.
Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
USN-6727-2: NSS regression
USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression
when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that NSS incorrectly handled padding when checking PKCS#1
certificates. A remote attacker could possibly use this issue to perform
Bleichenbacher-like attacks and recover private data. This issue only
affected Ubuntu 20.04 LTS. (CVE-2023-4421)
It was discovered that NSS had a timing side-channel when performing RSA
decryption. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-5388)
It was discovered that NSS had a timing side-channel when using certain
NIST curves. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-6135)
The NSS package contained outdated CA certificates. This update refreshes
the NSS package to version 3.98 which includes the latest CA certificate
bundle and other security improvements.
USN-6729-1: Apache HTTP Server vulnerabilities
Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)
Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)
Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. (CVE-2024-27316)