This update fixes multiple vulnerabilities in ImageMagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or potentially the
execution of arbitrary code if malformed image files are processed.
chromium-122.0.6261.57-1.fc39
FEDORA-2024-4adf990562
Packages in this update:
chromium-122.0.6261.57-1.fc39
Update description:
update to 122.0.6261.57
High CVE-2024-1669: Out of bounds memory access in Blink
High CVE-2024-1670: Use after free in Mojo
Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
Medium CVE-2024-1673: Use after free in Accessibility
Medium CVE-2024-1674: Inappropriate implementation in Navigation
Medium CVE-2024-1675: Insufficient policy enforcement in Download
Low CVE-2024-1676: Inappropriate implementation in Navigation
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
dotnet7.0-7.0.116-1.fc38
FEDORA-2024-04b568cd49
Packages in this update:
dotnet7.0-7.0.116-1.fc38
Update description:
This is the February 2024 update for .NET 7.
Release Notes:
– Runtime: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.16/7.0.16.md
– SDK: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.16/7.0.116.md
dotnet7.0-7.0.116-1.fc39
FEDORA-2024-a66f05d20f
Packages in this update:
dotnet7.0-7.0.116-1.fc39
Update description:
This is the February 2024 update for .NET 7.
Release Notes:
– Runtime: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.16/7.0.16.md
– SDK: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.16/7.0.116.md
dotnet8.0-8.0.102-1.fc38
FEDORA-2024-b2db508cc2
Packages in this update:
dotnet8.0-8.0.102-1.fc38
Update description:
This is the February 2024 update for .NET 8.
Release Notes:
– Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.2/8.0.2.md
– SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.2/8.0.102.md
Add -dbg subpackages and move all managed symbol files into those packages
dotnet8.0-8.0.102-1.fc39
FEDORA-2024-a2b7ec0ba4
Packages in this update:
dotnet8.0-8.0.102-1.fc39
Update description:
This is the February 2024 update for .NET 8.
Release Notes:
– Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.2/8.0.2.md
– SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.2/8.0.102.md
Add -dbg subpackages and move all managed symbol files into those packages
USN-6647-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)
It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)
It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2023-7192)
USN-6584-2: Libspf2 vulnerabilities
USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. This update provides the corresponding updates for
CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20
SEC Consult Vulnerability Lab Security Advisory < 20240220-0 >
=======================================================================
title: Multiple Stored Cross-Site Scripting Vulnerabilities
product: OpenOLAT (Frentix GmbH)
vulnerable version: <= 18.1.4 and <= 18.1.5
fixed version: 18.1.6 / 18.2
CVE number: CVE-2024-25973, CVE-2024-25974
impact: High…