FEDORA-2024-86d287b270
Packages in this update:
editorconfig-0.12.7-1.fc40
Update description:
Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack buffer overflows.
emacs-29.3-2.fc40
Obsolete the newer emacs-nox now in F39, fixing system upgrades
New upstream release 29.3, fixes rhbz#2271287
chromium-123.0.6312.105-1.fc39
Update to 123.0.6312.105
* High CVE-2024-3156: Inappropriate implementation in V8
* High CVE-2024-3158: Use after free in Bookmarks
* High CVE-2024-3159: Out of bounds memory access in V8
chromium-123.0.6312.105-1.fc38
Update to 123.0.6312.105
* High CVE-2024-3156: Inappropriate implementation in V8
* High CVE-2024-3158: Use after free in Bookmarks
* High CVE-2024-3159: Out of bounds memory access in V8
jose-13-1.fc38
Security fix for CVE-2023-50967
jose-13-1.fc39
Security fix for CVE-2023-50967
jose-13-1.fc40
Security fix for CVE-2023-50967
It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1872)
Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)
It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086)
clojure-1.8.0-3.el7
Security fix for CVE-2024-22871
Posted by Security Explorations on Apr 02
Hello All,
It’s been 1.5 years since Microsoft got a notification about PlayReady issues
affecting Canal+ VOD service in Poland [1].
Per information received from Microsoft back then:
1) “to maintain the integrity of the PlayReady ecosystem, the company takes
reports such as (ours) very seriously” (Oct 7, 2022),
2) the STB manufacturer committed to mitigate the incident (Nov 18, 2022).
However, as of late Mar 2024, no change…