perl-Data-UUID-1.227-1.el7
This update fixes CVE-2013-4184 (possible symlink attack due to use of predictable temporary file names). The module no longer saves state in temporary files at all.
Fortinet has released security updates to address multiple vulnerabilities found in Fortinet products. The vulnerabilities, if exploited could allow unauthenticated attacker to execute arbitrary code on Fortinet products. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service/user account. Depending on the privileges associated with the account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
firefox-124.0-1.fc40
Updated to 124.0
firefox-124.0-1.fc39
Updated to 124.0
firefox-124.0-1.fc38
Updated to 124.0
chromium-122.0.6261.128-1.el8
upstream security release 122.0.6261.128
High CVE-2024-2400: Use after free in Performance Manager
chromium-122.0.6261.128-1.el9
upstream security release 122.0.6261.128
High CVE-2024-2400: Use after free in Performance Manager
chromium-122.0.6261.128-1.el7
upstream security release 122.0.6261.128
High CVE-2024-2400: Use after free in Performance Manager
It was discovered that fontforge, a font editor, is prone to shell command
injection vulnerabilities when processing specially crafted files.
It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation
in the Linux kernel contained a race condition when releasing PPPoL2TP
sockets in certain conditions, leading to a use-after-free vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20567)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)
Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
