FEDORA-EPEL-2024-ad53379349

Packages in this update:

suricata-6.0.16-1.el9

Update description:

This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568.

Read More

It was discovered that malformed DNSSEC records within a DNS zone could
result in denial of service against Knot Resolver, a caching, DNSSEC-
validating DNS resolver.

https://security-tracker.debian.org/tracker/DSA-5633-1

Read More

It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-43244, CVE-2022-43249,
CVE-2022-43250, CVE-2022-47665, CVE-2023-25221)

It was discovered that libde265 could be made to read out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2022-43245)

It was discovered that libde265 could be made to dereference invalid
memory. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. (CVE-2023-24751, CVE-2023-24752, CVE-2023-24754,
CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758)

Read More

It was discovered that libxml2 incorrectly handled certain XML documents. A
remote attacker could possibly use this issue to cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Read More

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq icorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)

It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP
packet size as required by DNS Flag Day 2020. This issue only affected
Ubuntu 23.10. (CVE-2023-28450)

Read More

FEDORA-2024-bbfef02415

Packages in this update:

freeipa-4.10.3-2.fc38

Update description:

Security release: CVE-2024-1481
Resolves: rhbz#2265129

Read More

FEDORA-2024-826453ad39

Packages in this update:

freeipa-4.11.1-2.fc39

Update description:

Security release: CVE-2024-1481
Resolves: rhbz#2265129

Read More

It was discovered that PostgreSQL incorrectly handled dropping privileges
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or
automatic system were tricked into running a specially crafted command, a
remote attacker could possibly use this issue to execute arbitrary SQL
functions.

Read More

FEDORA-2024-a9dead34c5

Packages in this update:

edk2-20240214-2.fc39

Update description:

update to edk2-stable202402

Read More

It was discovered that GNU binutils was not properly handling the logic
behind certain memory management related operations, which could lead to
an invalid memory access. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-47695)

It was discovered that GNU binutils was not properly performing bounds
checks when dealing with memory allocation operations, which could lead
to excessive memory consumption. An attacker could possibly use this issue
to cause a denial of service. (CVE-2022-48063)

It was discovered that GNU binutils incorrectly handled memory management
operations in several of its functions, which could lead to excessive
memory consumption due to memory leaks. An attacker could possibly use
these issues to cause a denial of service. (CVE-2022-48065)

Read More