rpm-ostree-2024.4-5.fc40
FEDORA-2024-589189d414 Packages in this update: rpm-ostree-2024.4-5.fc40 Update description: Securit fix for CVE-2024-2905 Backport fix for /etc/[g]shadow permissions Backport patch to fix https://github.com/coreos/rpm-ostree/issues/4879 Read More
xorg-x11-server-Xwayland-22.1.9-7.fc38
FEDORA-2024-1706127797 Packages in this update: xorg-x11-server-Xwayland-22.1.9-7.fc38 Update description: CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083, and a fix for a regression introduced with the fix for...
USN-6725-1: Linux kernel vulnerabilities
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to...
xorg-x11-server-Xwayland-23.2.6-1.fc39
FEDORA-2024-5af98298c7 Packages in this update: xorg-x11-server-Xwayland-23.2.6-1.fc39 Update description: xwayland 23.2.6 - CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 Read More
xorg-x11-server-Xwayland-23.2.6-1.fc40
FEDORA-2024-01a9916e9e Packages in this update: xorg-x11-server-Xwayland-23.2.6-1.fc40 Update description: xwayland 23.2.6 - CVE fix for CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 Read More
USN-6724-1: Linux kernel vulnerabilities
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null...
USN-6723-1: Bind vulnerabilities
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue...
ZDI-24-364: Arista NG Firewall ReportEntry SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-24-363: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...
ZDI-24-362: Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Azure Private 5G Core. Authentication is not required to exploit...