Claudio Bozzato discovered multiple security issues in gtkwave, a file
waveform viewer for VCD (Value Change Dump) files, which may result in the
execution of arbitrary code if malformed files are opened.
Category Archives: Advisories
DSA-5654-1 chromium – security update
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
libdwarf-0.9.2-1.fc40
FEDORA-2024-60627905b6
Packages in this update:
libdwarf-0.9.2-1.fc40
Update description:
Update to latest upstream release.
USN-6720-1: Cacti vulnerability
Kentaro Kawane discovered that Cacti incorrectly handled user provided
input sent through request parameters to the graph_view.php script.
A remote authenticated attacker could use this issue to perform
SQL injection attacks.
dotnet7.0-7.0.117-1.fc38
FEDORA-2024-8fd3285bd9
Packages in this update:
dotnet7.0-7.0.117-1.fc38
Update description:
This is the March 2024 update for .NET 7.
Release Notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.17/7.0.17.md
dotnet7.0-7.0.117-1.fc39
FEDORA-2024-8420247612
Packages in this update:
dotnet7.0-7.0.117-1.fc39
Update description:
This is the March 2024 update for .NET 7.
Release Notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.17/7.0.17.md
python-pillow-10.3.0-1.fc39
FEDORA-2024-e4b1b4eab1
Packages in this update:
python-pillow-10.3.0-1.fc39
Update description:
Update to 10.3.0.
cockpit-311.2-1.fc38
FEDORA-2024-31e83b461d
Packages in this update:
cockpit-311.2-1.fc38
Update description:
sosreport: Fix command injection with crafted report names [CVE-2024-2947]
XZ Utils Supply Chain Attack (CVE-2024-3094)
What is the vulnerability/attack?
A malicious code was discovered embedded in the XZ Utils which is a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 is a result of a supply chain attack on the versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced an unexpected behavior which led to further investigation and discovery of the vulnerability.
What is the recommended Mitigation?
CISA has advised XZ Utils users to downgrade to an older version of the utility immediately (i.e., any version before 5.6.0) and update their installations and packages according to distribution maintainer directions. Major Linux distributions and package maintainers have published guidance on updating. Please see the link and refer to individual distribution and package advisories for the latest information and remediation guidance.
What FortiGuard Coverage is available?
The situation is still developing; the FortiGuard team will update the threat signal and provide more information on related protections as they are released. FortiGuard Incident Response team can be engaged to help with any suspected compromise.
DSA-5652-1 py7zr – security update
A directory traversal vulnerability was discovered in py7zr, a library
and command-line utility to process 7zip archives.