FEDORA-EPEL-2024-8e8d75ff19

Packages in this update:

baresip-3.10.1-1.el9

Update description:

Baresip v3.10.1 (2024-03-12)

Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954

aureceiver: fix mtx_unlock on discard

Read More

FEDORA-EPEL-2024-f51b53c59b

Packages in this update:

baresip-3.10.1-1.el7

Update description:

Baresip v3.10.1 (2024-03-12)

Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954

aureceiver: fix mtx_unlock on discard

Read More

FEDORA-EPEL-2024-092f7564a8

Packages in this update:

baresip-3.10.1-1.el8

Update description:

Baresip v3.10.1 (2024-03-12)

Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954

aureceiver: fix mtx_unlock on discard

Read More

FEDORA-2024-e34efa1300

Packages in this update:

baresip-3.10.1-1.fc39

Update description:

Baresip v3.10.1 (2024-03-12)

Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954

aureceiver: fix mtx_unlock on discard

Read More

FEDORA-EPEL-2024-d241ea2238

Packages in this update:

libuev-2.4.1-1.el8

Update description:

Security fix for CVE-2022-48620

Read More

USN-6663-1 provided a security update for OpenSSL.
This update provides the corresponding update for
Ubuntu 16.04 LTS.

Original advisory details:

As a security improvement, this update prevents OpenSSL
from returning an error when detecting wrong padding
in PKCS#1 v1.5 RSA, to prevent its use in possible
Bleichenbacher timing attacks.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26199.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-21411.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20745.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20752.

Read More