FEDORA-EPEL-2024-1e7f709e59
Packages in this update:
suricata-6.0.17-1.el9
Update description:
These are bug fix and security releases including MODERATE, HIGH,
and CRITICAL issues.
suricata-6.0.17-1.el9
These are bug fix and security releases including MODERATE, HIGH,
and CRITICAL issues.
suricata-6.0.17-1.el8
These are bug fix and security releases including MODERATE, HIGH,
and CRITICAL issues.
pandoc-2.14.0.3-17.el9
patat-0.8.7.0-4.el9
backport pandoc fixes for CVE-2023-35936 and CVE-2023-38745
prometheus-podman-exporter-1.11.0-1.fc39
release v1.11.0
release v1.10.1
release v1.10.0
prometheus-podman-exporter-1.11.0-1.fc40
release v1.11.0
prometheus-podman-exporter-1.11.0-1.el9
release v1.11.0
release v1.10.1
release v1.10.0
prometheus-podman-exporter-1.11.0-1.fc38
release v1.11.0
release v1.10.1
release v1.10.0
ghc-base64-0.4.2.4-28.fc38
ghc-hakyll-4.16.2.0-1.fc38
gitit-0.15.1.1-3.fc38
pandoc-2.19.2-22.fc38
patat-0.8.8.0-2.fc38
Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745
base64 now packaged in Fedora
It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation
in the Linux kernel contained a race condition when releasing PPPoL2TP
sockets in certain conditions, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20567)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)
Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
It was discovered that checking excessively long DH keys or parameters
may be very slow. A remote attacker could possibly use this issue to
cause OpenSSL to consume resources, resulting in a denial of service.
(CVE-2023-3446)
After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large
q parameter value can also trigger an overly long computation during
some of these checks. A remote attacker could possibly use this issue
to cause OpenSSL to consume resources, resulting in a denial of
service. (CVE-2023-3817)
David Benjamin discovered that generating excessively long X9.42 DH
keys or checking excessively long X9.42 DH keys or parameters may be
very slow. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, resulting in a denial of service.
(CVE-2023-5678)
Bahaa Naamneh discovered that processing a maliciously formatted
PKCS12 file may lead OpenSSL to crash leading to a potential Denial of
Service attack. (CVE-2024-0727)