FEDORA-EPEL-2024-35583dfe8b
Packages in this update:
iaito-5.9.6-2.el8
radare2-5.9.6-2.el8
Update description:
fix CVE-2024-48241
iaito-5.9.6-2.el8
radare2-5.9.6-2.el8
fix CVE-2024-48241
iaito-5.9.6-1.fc41
radare2-5.9.6-1.fc41
fix CVE-2024-48241
iaito-5.9.6-1.el9
radare2-5.9.6-1.el9
fix CVE-2024-48241
iaito-5.9.6-1.fc39
radare2-5.9.6-1.fc39
fix CVE-2024-48241
Posted by Enrico Weigelt, metux IT consult on Oct 31
XLibre project security advisory
———————————
As Xlibre Xnest is based on Xorg, it is affected by some security issues
which recently became known in Xorg:
CVE-2024-9632: can be triggered by providing a modified bitmap to the
X.Org server.
CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap
See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9632
Affected versions:
* 24.1.0…
Posted by Apple Product Security via Fulldisclosure on Oct 31
APPLE-SA-10-29-2024-1 Safari 18.1
Safari 18.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121571.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Safari Downloads
Available for: macOS Ventura and macOS Sonoma
Impact: An attacker may be able to misuse a trust relationship to…
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 31
SEC Consult Vulnerability Lab Security Advisory < 20241030-0 >
=======================================================================
title: Query Filter Injection
product: Ping Identity PingIDM (formerly known as ForgeRock Identity
Management)
vulnerable version: v7.0.0 – v7.5.0 (and older unsupported versions)
fixed version: various patches; v8.0
CVE number:…
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an integer overflow vulnerability. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36402)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– PowerPC architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– Android drivers;
– Serial ATA and Parallel ATA drivers;
– ATM drivers;
– Drivers core;
– CPU frequency scaling framework;
– Device frequency scaling framework;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– InfiniBand drivers;
– Input Device core drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– ISDN/mISDN subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– EEPROM drivers;
– VMware VMCI Driver;
– MMC subsystem;
– Network drivers;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– Device tree and open firmware driver;
– Parport drivers;
– PCI subsystem;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– QCOM SoC drivers;
– Direct Digital Synthesis drivers;
– TTY drivers;
– Userspace I/O drivers;
– DesignWare USB3 driver;
– USB subsystem;
– BTRFS file system;
– File systems infrastructure;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– BPF subsystem;
– Core kernel;
– DMA mapping infrastructure;
– Tracing infrastructure;
– Radix Tree data structure library;
– Kernel userspace event delivery library;
– Objagg library;
– Memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– CAN network layer;
– Networking core;
– Ethtool driver;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– KCM (Kernel Connection Multiplexor) sockets driver;
– MAC80211 subsystem;
– Netfilter;
– Network traffic control;
– SCTP protocol;
– Sun RPC protocol;
– TIPC protocol;
– TLS protocol;
– Wireless networking;
– AppArmor security module;
– Simplified Mandatory Access Control Kernel framework;
– SoC audio core drivers;
– USB sound devices;
(CVE-2024-43894, CVE-2024-46737, CVE-2024-46828, CVE-2024-42244,
CVE-2024-46723, CVE-2024-41073, CVE-2024-46756, CVE-2024-42288,
CVE-2024-46840, CVE-2024-46771, CVE-2024-46757, CVE-2024-43860,
CVE-2024-46747, CVE-2024-41017, CVE-2024-42246, CVE-2024-44988,
CVE-2024-42281, CVE-2024-36484, CVE-2024-43856, CVE-2024-47668,
CVE-2024-46759, CVE-2024-46744, CVE-2024-42289, CVE-2024-42131,
CVE-2024-46679, CVE-2024-42304, CVE-2024-46818, CVE-2024-43858,
CVE-2024-44960, CVE-2024-45028, CVE-2024-26885, CVE-2024-46676,
CVE-2024-46780, CVE-2024-42310, CVE-2024-44987, CVE-2024-41090,
CVE-2024-44954, CVE-2024-45026, CVE-2024-42285, CVE-2023-52614,
CVE-2024-27051, CVE-2024-43880, CVE-2024-43839, CVE-2024-43884,
CVE-2024-42311, CVE-2024-43893, CVE-2024-41072, CVE-2024-41091,
CVE-2024-46758, CVE-2024-41022, CVE-2024-46745, CVE-2024-42305,
CVE-2024-46673, CVE-2024-42284, CVE-2024-46844, CVE-2024-46677,
CVE-2024-45025, CVE-2024-43861, CVE-2024-43914, CVE-2024-46783,
CVE-2024-41012, CVE-2024-44999, CVE-2024-44946, CVE-2024-42276,
CVE-2024-46740, CVE-2024-42295, CVE-2024-44947, CVE-2024-41059,
CVE-2024-26669, CVE-2024-38602, CVE-2024-42306, CVE-2023-52918,
CVE-2024-42297, CVE-2024-42229, CVE-2024-43853, CVE-2024-45006,
CVE-2024-44998, CVE-2024-42283, CVE-2024-44952, CVE-2024-46761,
CVE-2024-43841, CVE-2024-44944, CVE-2024-42313, CVE-2024-45008,
CVE-2024-46714, CVE-2024-41065, CVE-2024-43883, CVE-2024-43867,
CVE-2024-42286, CVE-2024-43879, CVE-2024-43846, CVE-2024-42280,
CVE-2024-43854, CVE-2021-47212, CVE-2024-35848, CVE-2024-41020,
CVE-2024-41068, CVE-2024-45021, CVE-2024-41098, CVE-2024-44965,
CVE-2024-43890, CVE-2024-45003, CVE-2024-44969, CVE-2024-41011,
CVE-2024-46738, CVE-2024-41071, CVE-2024-26800, CVE-2024-46721,
CVE-2024-42292, CVE-2024-41081, CVE-2024-44948, CVE-2023-52531,
CVE-2024-26891, CVE-2024-26641, CVE-2024-42287, CVE-2024-46722,
CVE-2024-41042, CVE-2024-46675, CVE-2024-46743, CVE-2024-42259,
CVE-2024-41015, CVE-2024-43908, CVE-2024-46719, CVE-2024-43871,
CVE-2024-46739, CVE-2024-42301, CVE-2024-47659, CVE-2024-42271,
CVE-2024-26668, CVE-2024-43835, CVE-2024-46829, CVE-2024-47667,
CVE-2024-44995, CVE-2024-47669, CVE-2024-38611, CVE-2024-40929,
CVE-2024-46815, CVE-2024-43830, CVE-2024-42309, CVE-2024-41063,
CVE-2024-46782, CVE-2024-46777, CVE-2024-42265, CVE-2024-46781,
CVE-2024-26607, CVE-2024-41064, CVE-2024-46685, CVE-2024-43882,
CVE-2024-44935, CVE-2024-46800, CVE-2024-46822, CVE-2024-46755,
CVE-2024-46817, CVE-2024-43829, CVE-2024-46798, CVE-2024-46689,
CVE-2024-42290, CVE-2024-46750, CVE-2024-26640, CVE-2024-47663,
CVE-2024-41070)
polkit-125-1.fc41.1
Setting loglevels and target via LogControl now allowed to root only
https://github.com/polkit-org/polkit/issues/506
https://github.com/polkit-org/polkit/issues/507
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Microsoft Azure Network Adapter (MANA) driver;
– Watchdog drivers;
– Netfilter;
– Network traffic control;
(CVE-2024-45016, CVE-2024-38630, CVE-2024-45001, CVE-2024-27397)