It was discovered that libsoup ignored certain characters at the end of
header names. A remote attacker could possibly use this issue to perform
a HTTP request smuggling attack. (CVE-2024-52530)

It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2024-52531)

It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-52532)

Read More

It was discovered that libsoup ignored certain characters at the end of
header names. A remote attacker could possibly use this issue to perform
a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-52530)

It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2024-52531)

It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-52532)

Read More

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5821-1

Read More

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, spoofing or cross-site scripting.

https://security-tracker.debian.org/tracker/DSA-5820-1

Read More

FEDORA-EPEL-2024-31cdfc6c97

Packages in this update:

python-django3-3.2.25-1.el8

Update description:

Last update of Django3 for EPEL 8

Read More

It was discovered that GitHub CLI incorrectly handled username
validation. An attacker could possibly use this issue to perform
remote code execution if the user connected to a malicious server.
(CVE-2024-52308)

Read More

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that
previous releases were unaffected. This update provides the equivalent fix
for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

Ben Kallus discovered that Twisted incorrectly handled response order when
processing multiple HTTP requests. A remote attacker could possibly use
this issue to delay and manipulate responses.
This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671)

Read More

It was discovered that TinyGLTF performed file path expansion in an
insecure way on certain inputs. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.

Read More

FEDORA-2024-fb2157c952

Packages in this update:

tuned-2.24.1-1.fc39

Update description:

This is new version that fixes CVE-2024-52336 and CVE-2024-52337 which allowed privileged execution by non-privileged active local user and log injection.

Read More

FEDORA-2024-0cab161b46

Packages in this update:

tuned-2.24.1-1.fc40

Update description:

This is new version that fixes CVE-2024-52336 and CVE-2024-52337 which allowed privileged execution by non-privileged active local user and log injection.

Read More