Read Time:8 Second
It was discovered that HtmlCleaner incorrectly handled certain html
documents. An attacker could possibly use this issue to cause a denial
of service via application crash.
Category Archives: Advisories
openvswitch-3.2.2-1.fc39
Read Time:9 Second
FEDORA-2024-a4530e9bfe
Packages in this update:
openvswitch-3.2.2-1.fc39
Update description:
Update to 3.2.2
It indirectly fix CVE-2023-3966 and CVE-2023-5366
USN-6682-1: Puma vulnerabilities
Read Time:55 Second
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11076)
It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11077)
Jean Boussier discovered that Puma might not always release resources
properly after handling HTTP requests. A remote attacker could possibly
use this issue to read sensitive information. (CVE-2022-23634)
It was discovered that Puma incorrectly handled certain malformed headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2022-24790)
Ben Kallus discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2023-40175)
Bartek Nowotarski discovered that Puma incorrectly handled parsing certain
encoded content. A remote attacker could possibly use this to cause a
denial of service. (CVE-2024-21647)
openvswitch-3.3.0-1.fc40
Read Time:15 Second
FEDORA-2024-1f26ce7731
Packages in this update:
openvswitch-3.3.0-1.fc40
Update description:
Update to 3.3.0
Remove network-scripts subpackage starting from Fedora 40
Backport a simple fix to avoid “SSL db: implementation” test to fail
It also indirectly fix CVE-2023-3966 and CVE-2023-5366
iwd-2.16-1.fc40
Read Time:24 Second
FEDORA-2024-3fa713f2e0
Packages in this update:
iwd-2.16-1.fc40
Update description:
iwd 2.16:
Fix issue with uninitialized variable and DPP encrypt.
Fix issue with Access Point mode and ATTR_MAC validation.
Fix issue with Access Point mode and frequency attributes.
Fix issue with P2P and handling client info description.
Fix issue with P2P and handling parsing of service info.
Fix issue with netconfig and handling domain list.
Add support for forcing a default ECC group.
iwd-2.16-1.fc39
Read Time:24 Second
FEDORA-2024-4ef5edfb2a
Packages in this update:
iwd-2.16-1.fc39
Update description:
iwd 2.16:
Fix issue with uninitialized variable and DPP encrypt.
Fix issue with Access Point mode and ATTR_MAC validation.
Fix issue with Access Point mode and frequency attributes.
Fix issue with P2P and handling client info description.
Fix issue with P2P and handling parsing of service info.
Fix issue with netconfig and handling domain list.
Add support for forcing a default ECC group.
opensc-0.25.0-1.fc40
Read Time:9 Second
FEDORA-2024-3dbc3e8105
Packages in this update:
opensc-0.25.0-1.fc40
Update description:
New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
opensc-0.25.0-1.fc39
Read Time:9 Second
FEDORA-2024-6460a03e29
Packages in this update:
opensc-0.25.0-1.fc39
Update description:
New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
opensc-0.25.0-1.fc38
Read Time:9 Second
FEDORA-2024-b92d44f141
Packages in this update:
opensc-0.25.0-1.fc38
Update description:
New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454
USN-6681-1: Linux kernel vulnerabilities
Read Time:1 Minute, 48 Second
Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)
It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the
Linux kernel did not properly handle certain error conditions during device
registration. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2023-22995)
Bien Pham discovered that the netfiler subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)
It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)
It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after- free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)
Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)
It was discovered that the VirtIO subsystem in the Linux kernel did not
properly initialize memory in some situations. A local attacker could use
this to possibly expose sensitive information (kernel memory).
(CVE-2024-0340)