FEDORA-2024-290acd02c4

Packages in this update:

c-ares-1.28.0-1.fc39

Update description:

Update to 1.28.0. Also fixes CVE-2024-25629.

Read More

FEDORA-2024-f0f67dd020

Packages in this update:

c-ares-1.28.0-1.fc38

Update description:

Update to 1.28.0. Also fixes CVE-2024-25629.

Read More

FEDORA-2024-4e95f130fc

Packages in this update:

cockpit-314-1.fc40

Update description:

Automatic update for cockpit-314-1.fc40.

Changelog for cockpit

* Thu Mar 28 2024 Packit <hello@packit.dev> – 314-1
– Diagnostic reports: Fix command injection vulnerability with crafted report names
– Storage: Improvements to read-only encrypted filesystems

Read More

FEDORA-2024-6065341780

Packages in this update:

cockpit-314-1.fc39

Update description:

Automatic update for cockpit-314-1.fc39.

Read More

https://security-tracker.debian.org/tracker/DSA-5649-1

Read More

Post Content

Read More

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Network drivers;
– PWM drivers;
(CVE-2024-26597, CVE-2024-26599)

Read More

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

Read More

Posted by Julian Horoszkiewicz via Fulldisclosure on Mar 28

Vulnerability summary: Local Privilege Escalation from regular user to SYSTEM, via conhost.exe hijacking triggered by
MSI installer in repair mode
Affected Products: Intel PowerGadget
Affected Versions: tested on PowerGadget_3.6.msi (a3834b2559c18e6797ba945d685bf174), file signed on ‎Monday, ‎February
‎1, ‎2021 9:43:20 PM (this seems to be the latest version), earlier versions might be affected as well.
Affected Platforms: Windows…

Read More

FEDORA-2024-85531c965e

Packages in this update:

chromium-123.0.6312.86-1.fc40

Update description:

update to 123.0.6312.86

Critical CVE-2024-2883: Use after free in ANGLE
High CVE-2024-2885: Use after free in Dawn
High CVE-2024-2886: Use after free in WebCodecs
High CVE-2024-2887: Type Confusion in WebAssembly

chromium bugfix update

Read More