Read Time:8 Second
FEDORA-2024-4e5613bcb3
Packages in this update:
ofono-1.34-5.fc39
Update description:
Backport upstream fixes for CVE-2023-4233 and CVE-2023-4234
Category Archives: Advisories
DSA-5626-2 pdns-recursor – regression update
Read Time:12 Second
One of the upstream changes in the update released as DSA 5626 contained
a regression in the zoneToCache function. Updated pdns-recursor packages
are available to correct this issue.
DSA-5642-1 php-dompdf-svg-lib – security update
Read Time:14 Second
Three security issues were discovered in php-svg-lib, a PHP library to
read, parse and export to PDF SVG files, which could result in denial
of service, restriction bypass or the execution of arbitrary code.
ofono-2.5-1.fc40
Read Time:6 Second
FEDORA-2024-c42ea059d0
Packages in this update:
ofono-2.5-1.fc40
Update description:
Update to v2.5
USN-6702-1: Linux kernel vulnerabilities
Read Time:55 Second
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)
It was discovered that the ARM Mali Display Processor driver implementation
in the Linux kernel did not properly handle certain error conditions. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-23004)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
USN-6681-4: Linux kernel (AWS) vulnerabilities
Read Time:1 Minute, 48 Second
Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)
It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the
Linux kernel did not properly handle certain error conditions during device
registration. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2023-22995)
Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)
It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)
It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after- free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)
Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)
It was discovered that the VirtIO subsystem in the Linux kernel did not
properly initialize memory in some situations. A local attacker could use
this to possibly expose sensitive information (kernel memory).
(CVE-2024-0340)
firefox-flatpak-124.0-1
Read Time:10 Second
FEDORA-FLATPAK-2024-421df9d0b8
Packages in this update:
firefox-flatpak-124.0-1
Update description:
Firefox 124.0 release. For details, see https://www.mozilla.org/en-US/firefox/124.0/releasenotes/
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Read Time:36 Second
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
thunderbird-115.9.0-1.fc39
Read Time:12 Second
FEDORA-2024-9f8235fb21
Packages in this update:
thunderbird-115.9.0-1.fc39
Update description:
Update to 115.9.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/
thunderbird-115.9.0-1.fc38
Read Time:12 Second
FEDORA-2024-5d080305ab
Packages in this update:
thunderbird-115.9.0-1.fc38
Update description:
Update to 115.9.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/