Read Time:6 Second
FEDORA-2024-f98bdff610
Packages in this update:
jose-13-1.fc38
Update description:
Security fix for CVE-2023-50967
Category Archives: Advisories
jose-13-1.fc39
Read Time:6 Second
FEDORA-2024-a94b67a7b2
Packages in this update:
jose-13-1.fc39
Update description:
Security fix for CVE-2023-50967
jose-13-1.fc40
Read Time:6 Second
FEDORA-2024-2cface5aba
Packages in this update:
jose-13-1.fc40
Update description:
Security fix for CVE-2023-50967
LSN-0102-1: Kernel Live Patch Security Notice
Read Time:1 Minute, 22 Second
It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-1872)
Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory).(CVE-2023-4569)
It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.(CVE-2023-6176)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)
Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2024-0646)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)
clojure-1.8.0-3.el7
Read Time:7 Second
FEDORA-EPEL-2024-d9102d9191
Packages in this update:
clojure-1.8.0-3.el7
Update description:
Security fix for CVE-2024-22871
Microsoft PlayReady deficiencies / content key sniffing on Windows
Read Time:23 Second
Posted by Security Explorations on Apr 02
Hello All,
It’s been 1.5 years since Microsoft got a notification about PlayReady issues
affecting Canal+ VOD service in Poland [1].
Per information received from Microsoft back then:
1) “to maintain the integrity of the PlayReady ecosystem, the company takes
reports such as (ours) very seriously” (Oct 7, 2022),
2) the STB manufacturer committed to mitigate the incident (Nov 18, 2022).
However, as of late Mar 2024, no change…
DSA-5653-1 gtkwave – security update
Read Time:12 Second
Claudio Bozzato discovered multiple security issues in gtkwave, a file
waveform viewer for VCD (Value Change Dump) files, which may result in the
execution of arbitrary code if malformed files are opened.
DSA-5654-1 chromium – security update
Read Time:9 Second
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
libdwarf-0.9.2-1.fc40
Read Time:6 Second
FEDORA-2024-60627905b6
Packages in this update:
libdwarf-0.9.2-1.fc40
Update description:
Update to latest upstream release.
USN-6720-1: Cacti vulnerability
Read Time:10 Second
Kentaro Kawane discovered that Cacti incorrectly handled user provided
input sent through request parameters to the graph_view.php script.
A remote authenticated attacker could use this issue to perform
SQL injection attacks.