FEDORA-EPEL-2024-42a2a0f9b6
Packages in this update:
libuev-2.4.1-1.el9
Update description:
Security fix for CVE-2022-48620
libuev-2.4.1-1.el9
Security fix for CVE-2022-48620
libuev-2.4.1-1.fc38
Security fix for CVE-2022-48620
libuev-2.4.1-1.fc39
Security fix for CVE-2022-48620
libuev-2.4.1-1.fc40
Security fix for CVE-2022-48620
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Experience Manager is an all-in-one software suite used for content and asset management.
Adobe Premiere Pro is a timeline-based and non-linear video editing software application.
Adobe ColdFusion is a rapid development platform for building and deploying web and mobile applications.
Adobe Bridge is used to preview, organize, edit, and publish assets.
Adobe Lightroom is a photo editing and storage application available through the Adobe Creative Cloud.
Adobe Animate is used to create vector graphics and interactive content.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights
pdfmixtool-flatpak-1.1.1-3
Fix for CVE-2024-24246 in qpdf
pdfarranger-flatpak-1.10.1-4
Fix for CVE-2024-24246 in qpdf
libvirt-9.7.0-3.fc39
Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
Fix crash listing interfaces with missized array (CVE-2024-1441)
libvirt-9.0.0-5.fc38
Fix crash listing interfaces with missing link status attribute (rhbz #2266014)
Fix crash listing interfaces with missized array (CVE-2024-1441)
What are the Vulnerabilities?
Two new vulnerabilities affecting JetBrains TeamCity CI/CD server have been identified and tagged as CVE-2024-27198 and CVE-2024-27199. The most severe of the two, CVE-2024-27198, has been added to CISA’s known exploited catalog which allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker.
What is the Vendor Solution?
On March 3, 2024, JetBrains released TeamCity 2023.11.4 to fix both CVE-2024-27198 and CVE-2024-27199. [ Link ]
What FortiGuard Coverage is available?
FortiGuard Labs has released endpoint vulnerability signatures, which can help detect vulnerable systems and auto-patch where applicable, and has blocked all the known indicators of compromise (IoCs).
FortiGuard Labs recommends companies to review the vendor’s advisory.