Vojtěch Vobr discovered that c-ares incorrectly handled user input from
local configuration files. An attacker could possibly use this issue to
cause a denial of service via application crash.
Category Archives: Advisories
rust-routinator-0.13.2-1.fc38
FEDORA-2024-28a151028a
Packages in this update:
rust-routinator-0.13.2-1.fc38
Update description:
from changelog:
Fix the RTR listener so that Routinator won’t exit if an incoming RTR
connection is closed again too quickly. (#937, reported by Yohei
Nishimura, Atsushi Enomoto, Ruka Miyachi; Internet Multifeed Co., Japan.
Assigned CVE-2024-1622.)
rust-routinator-0.13.2-1.fc39
FEDORA-2024-1f5908a311
Packages in this update:
rust-routinator-0.13.2-1.fc39
Update description:
from changelog:
Fix the RTR listener so that Routinator won’t exit if an incoming RTR
connection is closed again too quickly. (#937, reported by Yohei
Nishimura, Atsushi Enomoto, Ruka Miyachi; Internet Multifeed Co., Japan.
Assigned CVE-2024-1622.)
rust-routinator-0.13.2-1.fc40
FEDORA-2024-d20ff4a09b
Packages in this update:
rust-routinator-0.13.2-1.fc40
Update description:
from changelog:
Fix the RTR listener so that Routinator won’t exit if an incoming RTR
connection is closed again too quickly. (#937, reported by Yohei
Nishimura, Atsushi Enomoto, Ruka Miyachi; Internet Multifeed Co., Japan.
Assigned CVE-2024-1622.)
rust-routinator-0.13.2-1.el9
FEDORA-EPEL-2024-d996eeff0f
Packages in this update:
rust-routinator-0.13.2-1.el9
Update description:
from changelog:
Fix the RTR listener so that Routinator won’t exit if an incoming RTR
connection is closed again too quickly. (#937, reported by Yohei
Nishimura, Atsushi Enomoto, Ruka Miyachi; Internet Multifeed Co., Japan.
Assigned CVE-2024-1622.)
USN-6649-2: Firefox regressions
USN-6649-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-1547,
CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1553, CVE-2024-1554,
CVE-2024-1555, CVE-2024-1557)
Alfred Peters discovered that Firefox did not properly manage memory when
storing and re-accessing data on a networking channel. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2024-1546)
Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie
response headers in multipart HTTP responses. An attacker could
potentially exploit this issue to inject arbitrary cookie values.
(CVE-2024-1551)
Gary Kwong discovered that Firefox incorrectly generated codes on 32-bit
ARM devices, which could lead to unexpected numeric conversions or
undefined behaviour. An attacker could possibly use this issue to cause a
denial of service. (CVE-2024-1552)
Ronald Crane discovered that Firefox did not properly manage memory when
accessing the built-in profiler. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-1556)
DSA-5636-1 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Multiple Vulnerabilities in Apple Products Could Allow for Privilege Escalation.
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for privilege escalation. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-6678-1: libgit2 vulnerabilities
It was discovered that libgit2 mishandled equivalent filenames on NTFS
partitions. If a user or automated system were tricked into cloning a
specially crafted repository, an attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2020-12278, CVE-2020-12279)
It was discovered that libgit2 did not perform certificate checking by
default. An attacker could possibly use this issue to perform a
machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-22742)
It was discovered that libgit2 could be made to run into an infinite loop.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 23.10. (CVE-2024-24575)
It was discovered that libgit2 did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2024-24577)
USN-6677-1: libde265 vulnerabilities
It was discovered that libde265 could be made to dereference invalid
memory. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-27102)
It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-27103)
It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2023-43887, CVE-2023-47471,
CVE-2023-49465, CVE-2023-49467, CVE-2023-49468)