FEDORA-2024-c266dab9e9

Packages in this update:

unbound-1.19.1-4.fc40

Update description:

CVE-2024-1931 – Fix trim of EDE text from large udp responses from spinning cpu.

Read More

FEDORA-EPEL-2024-15cde9f00b

Packages in this update:

chromium-123.0.6312.58-1.el7

Update description:

Update to 123.0.6312.58

* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS

Read More

FEDORA-EPEL-2024-24aceec24b

Packages in this update:

chromium-123.0.6312.58-1.el9

Update description:

Update to 123.0.6312.58

* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS

Read More

FEDORA-EPEL-2024-fc233c6d2e

Packages in this update:

chromium-123.0.6312.58-1.el8

Update description:

Update to 123.0.6312.58

* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS

Read More

Dan Fandrich discovered that curl would incorrectly use the default set of
protocols when a parameter option disabled all protocols without adding
any, contrary to expectations. This issue only affected Ubuntu 23.10.
(CVE-2024-2004)

It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)

Read More

Multiple Vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk DWG TrueView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23138.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23139.

Read More

FEDORA-2024-34aa24af35

Packages in this update:

micropython-1.22.2-1.fc39

Update description:

Update to 1.22.2
Security fixes for CVE-2023-7158 and CVE-2023-7152

Read More

FEDORA-2024-a3b517705e

Packages in this update:

micropython-1.22.2-1.fc40

Update description:

Update to 1.22.2
Security fixes for CVE-2023-7158 and CVE-2023-7152

Read More