FEDORA-2024-2aa28a4cfc
Packages in this update:
shim-15.8-2
shim-unsigned-aarch64-15.8-2
shim-unsigned-x64-15.8-2
Update description:
Update to shim-15.8
shim-15.8-2
shim-unsigned-aarch64-15.8-2
shim-unsigned-x64-15.8-2
Update to shim-15.8
amavis-2.12.3-1.el7
Update to version 2.12.3
Fix CVE-2024-28054
amavis-2.13.1-1.el8
Update to version 2.13.1
Fix CVE-2024-28054
amavis-2.13.1-1.el9
Update to version 2.13.1
Fix CVE-2024-28054
amavis-2.13.1-1.fc38
Update to version 2.13.1
Fix CVE-2024-28054
amavis-2.13.1-1.fc39
Update to version 2.13.1
Fix CVE-2024-28054
amavis-2.13.1-1.fc40
Update to version 2.13.1
Fix CVE-2024-28054
It was discovered that TeX Live incorrectly handled certain memory
operations in the embedded axodraw2 tool. An attacker could possibly use
this issue to cause TeX Live to crash, resulting in a denial of service.
This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)
It was discovered that TeX Live allowed documents to make arbitrary
network requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-32668)
It was discovered that TeX Live incorrectly handled certain TrueType fonts.
If a user or automated system were tricked into opening a specially crafted
TrueType font, a remote attacker could use this issue to cause TeX Live to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2024-25262)
It was discovered that Expat could be made to consume large amounts of
resources. If a user or automated system were tricked into processing
specially crafted input, an attacker could possibly use this issue to cause
a denial of service. (CVE-2023-52425, CVE-2024-28757)
USN-6673-1 provided a security update for python-cryptography.
This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Hubert Kario discovered that python-cryptography incorrectly handled
errors returned by the OpenSSL API when processing incorrect padding in
RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose
confidential or sensitive information. (CVE-2023-50782)