FEDORA-FLATPAK-2024-dfbd1e6d77

Packages in this update:

pdfarranger-flatpak-1.10.1-4

Update description:

Fix for CVE-2024-24246 in qpdf

Read More

FEDORA-2024-d96cdeb8ec

Packages in this update:

libvirt-9.7.0-3.fc39

Update description:

Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
Fix crash listing interfaces with missized array (CVE-2024-1441)

Read More

FEDORA-2024-1a59230214

Packages in this update:

libvirt-9.0.0-5.fc38

Update description:

Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
Fix crash listing interfaces with missized array (CVE-2024-1441)

Read More

What are the Vulnerabilities?

Two new vulnerabilities affecting JetBrains TeamCity CI/CD server have been identified and tagged as CVE-2024-27198 and CVE-2024-27199. The most severe of the two, CVE-2024-27198, has been added to CISA’s known exploited catalog which allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker.

What is the Vendor Solution?

On March 3, 2024, JetBrains released TeamCity 2023.11.4 to fix both CVE-2024-27198 and CVE-2024-27199. [ Link ]

What FortiGuard Coverage is available?

FortiGuard Labs has released endpoint vulnerability signatures, which can help detect vulnerable systems and auto-patch where applicable, and has blocked all the known indicators of compromise (IoCs).

FortiGuard Labs recommends companies to review the vendor’s advisory.

Read More

It was discovered that .NET did not properly handle certain specially
crafted requests. An attacker could potentially use this issue to cause
a resource leak, leading to a denial of service.

Read More

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

It was discovered that Gson incorrectly handled deserialization of untrusted
input data. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service.

Read More

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-6932)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion).(CVE-2023-7192)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2024-0646)

Read More

It was discovered that OVN incorrectly enabled OVS Bidirectional Forwarding
Detection on logical ports. A remote attacker could possibly use this issue
to disrupt traffic.

Read More

Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch
incorrectly handled certain crafted Geneve packets when hardware offloading
via the netlink path is enabled. A remote attacker could possibly use this
issue to cause Open vSwitch to crash, leading to a denial of service.
(CVE-2023-3966)

It was discovered that Open vSwitch incorrectly handled certain ICMPv6
Neighbor Advertisement packets. A remote attacker could possibly use this
issue to redirect traffic to arbitrary IP addresses. (CVE-2023-5366)

Read More