FEDORA-2024-ee7c81a4d6
Packages in this update:
xen-4.18.0-6.fc40
Update description:
x86: shadow stack vs exceptions from emulation stubs – [XSA-451,
CVE-2023-46841] (#2266326)
xen-4.18.0-6.fc40
x86: shadow stack vs exceptions from emulation stubs – [XSA-451,
CVE-2023-46841] (#2266326)
USN-6644-1 fixed vulnerabilities in LibTIFF.
This update provides the corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service. (CVE-2023-52356)
It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-6228)
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to consume
resources, resulting in a denial of service. (CVE-2023-6277)
It was discovered that less incorrectly handled certain file names.
An attacker could possibly use this issue to cause a crash or execute
arbitrary commands.
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38
golang-github-tdewolff-minify-2.20.18-1.fc38
golang-github-tdewolff-parse-2.7.12-1.fc38
Update to latest version
Security fix for CVE-2023-39325
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc39
golang-github-tdewolff-minify-2.20.18-1.fc39
golang-github-tdewolff-parse-2.7.12-1.fc39
Update to latest version
Security fix for CVE-2023-39325
As a security improvement, this update prevents OpenSSL
from returning an error when detecting wrong padding
in PKCS#1 v1.5 RSA, to prevent its use in possible
Bleichenbacher timing attacks.
USN-6305-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)
It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
cpp-jwt-1.4-7.fc38
Fix side channel vulnerability
cpp-jwt-1.4-7.el8
Fix side channel vulnerability
cpp-jwt-1.4-7.fc39
Fix side channel vulnerability