Category Archives: Advisories

USN-6709-1: OpenSSL vulnerabilities

Read Time:49 Second

It was discovered that checking excessively long DH keys or parameters
may be very slow. A remote attacker could possibly use this issue to
cause OpenSSL to consume resources, resulting in a denial of service.
(CVE-2023-3446)

After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large
q parameter value can also trigger an overly long computation during
some of these checks. A remote attacker could possibly use this issue
to cause OpenSSL to consume resources, resulting in a denial of
service. (CVE-2023-3817)

David Benjamin discovered that generating excessively long X9.42 DH
keys or checking excessively long X9.42 DH keys or parameters may be
very slow. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, resulting in a denial of service.
(CVE-2023-5678)

Bahaa Naamneh discovered that processing a maliciously formatted
PKCS12 file may lead OpenSSL to crash leading to a potential Denial of
Service attack. (CVE-2024-0727)

Read More

USN-6707-2: Linux kernel (ARM laptop) vulnerabilities

Read Time:40 Second

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Network drivers;
– PWM drivers;
(CVE-2024-26597, CVE-2024-26599)

Read More

USN-6704-2: Linux kernel (Raspberry Pi) vulnerabilities

Read Time:1 Minute, 9 Second

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

Read More

ghc-base64-0.4.2.4-28.fc39 ghc-hakyll-4.16.2.0-4.fc39 ghc-isocline-1.0.9-28.fc39 ghc-toml-parser-1.3.2.0-29.fc39 gitit-0.15.1.1-6.fc39 pandoc-3.1.3-29.fc39 pandoc-cli-3.1.3-29.fc39 patat-0.11.0.0-1.fc39

Read Time:34 Second

FEDORA-2024-b458482d48

Packages in this update:

ghc-base64-0.4.2.4-28.fc39
ghc-hakyll-4.16.2.0-4.fc39
ghc-isocline-1.0.9-28.fc39
ghc-toml-parser-1.3.2.0-29.fc39
gitit-0.15.1.1-6.fc39
pandoc-3.1.3-29.fc39
pandoc-cli-3.1.3-29.fc39
patat-0.11.0.0-1.fc39

Update description:

Security fix for CVE-2023-35936 and CVE-2023-38745

pandoc:

backport fixes for CVE-2023-35936 and CVE-2023-38745

pandoc-cli:

new package for pandoc binary

patat:

update to 0.11.0.0 and enable tests

base64, isocline, toml-parser: now packaged in Fedora

Read More

php-tcpdf-6.7.4-1.fc40

Read Time:27 Second

FEDORA-2024-bc7d40eb2e

Packages in this update:

php-tcpdf-6.7.4-1.fc40

Update description:

Version 6.7.4 (2024-03-21)

Upgrade tcpdf tag encryption algorithm.

Version 6.7.3 (2024-03-20)

Fix regression issue #699.

Version 6.7.2 (2024-03-18)

Fix security issue.
[BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.
Raised minimum PHP version to PHP 5.5.0.

Read More