Post Content

Read More

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure or spoofing.

https://security-tracker.debian.org/tracker/DSA-5627-1

Read More

It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after- free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2023-7192)

Read More

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion).

Read More

FEDORA-2024-d2f180202f

Packages in this update:

moodle-4.1.9-1.fc38

Update description:

Fix for multiple CVEs

Read More

FEDORA-EPEL-2024-c2135dc540

Packages in this update:

3proxy-0.9.4-2.el7

Update description:

Release of version 0.9.4

Read More

Marek Marczykowski-Górecki discovered that the Xen event channel
infrastructure implementation in the Linux kernel contained a race
condition. An attacker in a guest VM could possibly use this to cause a
denial of service (paravirtualized device unavailability). (CVE-2023-34324)

Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver
in the Linux kernel during device removal. A privileged attacker could use
this to cause a denial of service (system crash). (CVE-2023-35827)

It was discovered that a race condition existed in the Linux kernel when
performing operations with kernel objects, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-45863)

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

Read More

FEDORA-FLATPAK-2024-0572e6f545

Packages in this update:

flatpak-kde6-runtime-f39-18
flatpak-kde6-sdk-f39-13

Update description:

Refresh including latest Fedora 39 security and bug-fix errata.

Read More

FEDORA-FLATPAK-2024-99fadaeb5e

Packages in this update:

flatpak-kde5-runtime-f39-25
flatpak-kde5-sdk-f39-12

Update description:

Refresh including latest Fedora 39 security and bug-fix errata.

Read More

It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service. (CVE-2023-52356)

It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-6228)

It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to consume
resources, resulting in a denial of service. (CVE-2023-6277)

Read More