Integer overflows flaws were discovered in the Compound Document Binary
File format parser of libgsf, the GNOME Project G Structured File
Library, which could result in the execution of arbitrary code if a
specially crafted file is processed.
Category Archives: Advisories
firefox-131.0-2.fc39
FEDORA-2024-86edbf4d85
Packages in this update:
firefox-131.0-2.fc39
Update description:
New upstream version (131.0)
chromium-129.0.6668.89-1.fc39
FEDORA-2024-7aba3c1531
Packages in this update:
chromium-129.0.6668.89-1.fc39
Update description:
update to 129.0.6668.89
High CVE-2024-7025: Integer overflow in Layout
High CVE-2024-9369: Insufficient data validation in Mojo
High CVE-2024-9370: Inappropriate implementation in V8
chromium-129.0.6668.89-1.fc40
FEDORA-2024-452b60addf
Packages in this update:
chromium-129.0.6668.89-1.fc40
Update description:
update to 129.0.6668.89
High CVE-2024-7025: Integer overflow in Layout
High CVE-2024-9369: Insufficient data validation in Mojo
High CVE-2024-9370: Inappropriate implementation in V8
Some SIM / USIM card security (and ecosystem) info
Posted by Security Explorations on Oct 04
Hello All,
Those interested in SIM / USIM card security might find some
information at our spin-off project page dedicated to the topic
potentially useful:
https://security-explorations.com/sim-usim-cards.html
We share there some information based on the experiences gained in the
SIM / USIM card security space, all in a hope this leads to the
increase of public awareness on the topic, change perspective on the
SIM / USIM card industry and…
chromium-129.0.6668.89-1.el8
FEDORA-EPEL-2024-a3d9061962
Packages in this update:
chromium-129.0.6668.89-1.el8
Update description:
update to 129.0.6668.89
* High CVE-2024-7025: Integer overflow in Layout
* High CVE-2024-9369: Insufficient data validation in Mojo
* High CVE-2024-9370: Inappropriate implementation in V8
chromium-129.0.6668.89-1.el9
FEDORA-EPEL-2024-ae299cc269
Packages in this update:
chromium-129.0.6668.89-1.el9
Update description:
update to 129.0.6668.89
* High CVE-2024-7025: Integer overflow in Layout
* High CVE-2024-9369: Insufficient data validation in Mojo
* High CVE-2024-9370: Inappropriate implementation in V8
apache-commons-io-2.11.0-5.fc39
FEDORA-2024-5d581b2365
Packages in this update:
apache-commons-io-2.11.0-5.fc39
Update description:
Fixes possible denial of service attack on untrusted input
Synacor Zimbra Collaboration Command Execution Vulnerability (CVE-2024-45519)
What is the Vulnerability?Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows attackers to execute arbitrary commands on vulnerable systems. CVE-2024-45519 is a vulnerability in the postjournal service used for recording email communications. This OS command injection flaw can be exploited without authentication and successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system’s integrity and confidentiality.Zimbra Collaboration (by Synacor) is a popular cloud-based collaboration software and email platform. The remote code execution vulnerability (CVE-2024-45519) in this software was disclosed on September 27, along with a proof of concept (PoC) exploit.What is the recommended Mitigation?Zimbra has released a patch for CVE-2024-45519. Organizations that haven’t implemented the latest patch are advised to do so immediately. https://blog.zimbra.com/2024/10/zimbra-cve-2024-45519-vulnerability-stay-secure-by-updating/ What FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor. The FortiGuard Incident Response team can be engaged to help with any suspected compromise.The FortiGuard Labs team is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.
p7zip-16.02-31.el8
FEDORA-EPEL-2024-851c74616f
Packages in this update:
p7zip-16.02-31.el8
Update description:
Fix wrapper to hide password from process history