Read Time:1 Second
Post Content
Category Archives: Advisories
GLSA 202402-33: PyYAML: Arbitrary Code Execution
DSA-5632-1 composer – security update
Read Time:17 Second
It was discovered that composer, a dependency manager for the PHP
language, processed files in the local working directory. This could
lead to local privilege escalation or malicious code execution. Due to
a technical issue this email was not sent on 2024-02-26 like it should
have.
DSA-5631-1 iwd – security update
Read Time:20 Second
It was discovered that iwd, the iNet Wireless Daemon, does not properly
handle messages in the 4-way handshake used when connecting to a
protected WiFi network for the first time. An attacker can take
advantage of this flaw to gain unauthorized access to a protected WiFi
network if iwd is operating in Access Point (AP) mode.
dotnet6.0-6.0.127-2.fc38
Read Time:8 Second
FEDORA-2024-b0e165ded6
Packages in this update:
dotnet6.0-6.0.127-2.fc38
Update description:
This is the February 2024 security update for .NET 6
dotnet6.0-6.0.127-2.fc39
Read Time:8 Second
FEDORA-2024-b02e95ce83
Packages in this update:
dotnet6.0-6.0.127-2.fc39
Update description:
This is the February 2024 update for .NET 6
chromium-122.0.6261.69-1.fc39
Read Time:7 Second
FEDORA-2024-ef56ea86fc
Packages in this update:
chromium-122.0.6261.69-1.fc39
Update description:
Updated to 122.0.6261.69
kernel-6.7.6-100.fc38
Read Time:9 Second
FEDORA-2024-71f0f16533
Packages in this update:
kernel-6.7.6-100.fc38
Update description:
The 6.7.6 stable kernel update contains a number of important fixes across the tree.
kernel-6.7.6-200.fc39
Read Time:9 Second
FEDORA-2024-d16d94b00d
Packages in this update:
kernel-6.7.6-200.fc39
Update description:
The 6.7.6 stable kernel update contains a number of important fixes across the tree.
USN-6653-1: Linux kernel vulnerabilities
Read Time:1 Minute, 10 Second
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)
Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain server commands
fields, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)
Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)