A vulnerability has been discovered in XZ Utils that could allow for remote code execution. XZ is a general-purpose data compression format present in nearly every Linux distribution, both community projects and commercial product distributions. Successful exploitation of this vulnerability could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system could be less impacted than those who operate with administrative user rights.
Category Archives: Advisories
c-ares-1.28.0-1.fc40
FEDORA-2024-3497e5a670
Packages in this update:
c-ares-1.28.0-1.fc40
Update description:
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.0-1.fc39
FEDORA-2024-290acd02c4
Packages in this update:
c-ares-1.28.0-1.fc39
Update description:
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.0-1.fc38
FEDORA-2024-f0f67dd020
Packages in this update:
c-ares-1.28.0-1.fc38
Update description:
Update to 1.28.0. Also fixes CVE-2024-25629.
cockpit-314-1.fc40
FEDORA-2024-4e95f130fc
Packages in this update:
cockpit-314-1.fc40
Update description:
Automatic update for cockpit-314-1.fc40.
Changelog for cockpit
* Thu Mar 28 2024 Packit <hello@packit.dev> - 314-1
- Diagnostic reports: Fix command injection vulnerability with crafted report names
- Storage: Improvements to read-only encrypted filesystems
cockpit-314-1.fc39
FEDORA-2024-6065341780
Packages in this update:
cockpit-314-1.fc39
Update description:
Automatic update for cockpit-314-1.fc39.
DSA-5649-1 xz-utils - security update
GLSA 202403-04: XZ utils: Backdoor in release tarballs
USN-6707-4: Linux kernel (Azure) vulnerabilities
Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- PWM drivers;
(CVE-2024-26597, CVE-2024-26599)
USN-6704-4: Linux kernel (Intel IoTG) vulnerabilities
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)
Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)
Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)