Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS
responses. A remote attacker could use this issue to cause HPLIP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
It was discovered that Roundcube incorrectly handled certain file-based
attachment plugins. An attacker could exploit this to gain unauthorized
access to arbitrary files on the host’s file system.
USN-6940-1 fixed vulnerabilities in snapd. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.
Original advisory details:
Neil McPhail discovered that snapd did not properly restrict writes to
the /home/jslarraz/bin path in the AppArmor profile for snaps using the home
plug. An attacker who could convince a user to install a malicious snap
could use this vulnerability to escape the snap sandbox. (CVE-2024-1724)
Zeyad Gouda discovered that snapd failed to properly check the file type
when extracting a snap. An attacker who could convince a user to install
a malicious snap containing non-regular files could then cause snapd to
block indefinitely while trying to read from such files and cause a
denial of service. (CVE-2024-29068)
Zeyad Gouda discovered that snapd failed to properly check the
destination of symbolic links when extracting a snap. An attacker who
could convince a user to install a malicious snap containing crafted
symbolic links could then cause snapd to write out the contents of the
symbolic link destination into a world-readable directory. This in-turn
could allow a local unprivileged user to gain access to privileged
information. (CVE-2024-29069)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled malformed XML data. If a user or application were
tricked into opening a crafted XML file, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled XML data containing a large number of colons, which
could lead to excessive resource consumption. If a user or application
were tricked into opening a crafted XML file, an attacker could possibly
use this issue to cause a denial of service. (CVE-2018-20843)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled certain input, which could lead to an integer
overflow. If a user or application were tricked into opening a crafted XML
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-2886.
stb-0-0.50.20241002git31707d1.el8
Add another patch for the root cause of CVE-2021-45340. We already have a patch for CVE-2021-45340, but adding this new patch may prevent a related, unproven exploit as described in https://github.com/nothings/stb/pull/1454#issuecomment-2581308033.
Several vulnerabilities were discovered in OpenAFS, an implementation of
the AFS distributed filesystem, which may result in theft of credentials
in Unix client PAGs (CVE-2024-10394), fileserver crashes and information
leak on StoreACL/FetchACL (CVE-2024-10396) or buffer overflows in XDR
responses resulting in denial of service and potentially code execution
(CVE-2024-10397).
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Ext4 file system;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-49967, CVE-2024-53057, CVE-2024-50264)
stb-0^20241002git31707d1-4.el9
Add another patch for the root cause of CVE-2021-45340. We already have a patch for CVE-2021-45340, but adding this new patch may prevent a related, unproven exploit as described in https://github.com/nothings/stb/pull/1454#issuecomment-2581308033.
