FEDORA-2024-a5d6cd9f0a
Packages in this update:
unbound-1.21.1-1.fc41
Update description:
Fixed builds on F41. Fixes CVE-2024-8508
https://github.com/NLnetLabs/unbound/releases/tag/release-1.21.1
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated
certain responses (CVE-2024-3596, the “BlastRADIUS” attack). An attacker able
to intercept communications between a RADIUS client and server could possibly
use this issue to forge responses, bypass authentication, and access network
devices and services.
This update introduces new configuration options called “limit_proxy_state”
and “require_message_authenticator” that default to “auto” but should be
set to “yes” once all RADIUS devices on the network have been upgraded.
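The point of “require_message_authenticator” is the difference between the two integrity fields a RADIUS response can carry: the Response Authenticator (RFC 2865) is an unkeyed MD5 over the packet with the shared secret appended, while Message-Authenticator (RFC 2869, attribute 80) is HMAC-MD5 keyed with the secret. Below is an added, self-contained model of a client that verifies both fields and a server-side check in the spirit of “limit_proxy_state”. It is not FreeRADIUS code; SECRET, REQUEST_AUTH, the user name and Proxy-State values are constructed for the example, and the request_allowed() rule (refuse Access-Requests carrying Proxy-State without Message-Authenticator) is my reading of what the option does, not text from the advisory.

```python
"""RADIUS Response Authenticator vs. Message-Authenticator (RFC 2865 / RFC 2869).

Added illustration for the FreeRADIUS advisory above; not FreeRADIUS code.
Secret, identifiers and attribute values are constructed for the example.
"""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_PROXY_STATE, ATTR_MESSAGE_AUTHENTICATOR = 1, 33, 80

SECRET = b"constructed-shared-secret"   # constructed; never reuse in production
REQUEST_AUTH = bytes(range(16))         # constructed; normally 16 random bytes


def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS TLVs: type(1) length(1) value."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def parse_attrs(data):
    """Walk the attribute list, rejecting truncated or zero-length TLVs."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_response(code, ident, request_auth, attrs, secret, with_message_auth):
    """Server side: build a response, optionally carrying Message-Authenticator."""
    if with_message_auth:
        attrs = attrs + [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))]
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_message_auth:
        # RFC 2869 s5.14: HMAC-MD5 keyed with the secret, computed over the packet
        # with the Request Authenticator in the authenticator field and the
        # Message-Authenticator value zeroed (it is the last attribute here).
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:-16] + mac
    # RFC 2865 s3: the Response Authenticator is unkeyed MD5 with the secret appended.
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet, request_auth, secret, require_message_authenticator):
    """Client side: validate a response; returns (accepted, reason)."""
    if len(packet) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False, "length mismatch"
    header, resp_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        return False, "bad Response Authenticator"
    try:
        attrs = parse_attrs(body)
    except ValueError as exc:
        return False, str(exc)
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not mas:
        # Only the MD5-based Response Authenticator protected this packet.
        if require_message_authenticator:
            return False, "Message-Authenticator required but missing"
        return True, "accepted on Response Authenticator only"
    if len(mas) != 1 or len(mas[0]) != 16:
        return False, "malformed Message-Authenticator"
    zeroed = encode_attrs([(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v)
                           for t, v in attrs])
    mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(mac, mas[0]):
        return False, "bad Message-Authenticator"
    return True, "accepted with Message-Authenticator"


def request_allowed(request_attrs, has_message_auth, limit_proxy_state):
    """Server side (assumed reading of limit_proxy_state): refuse an Access-Request
    that carries Proxy-State but no Message-Authenticator."""
    has_proxy_state = any(t == ATTR_PROXY_STATE for t, _ in request_attrs)
    return not (limit_proxy_state and has_proxy_state and not has_message_auth)


def demo():
    attrs = [(ATTR_USER_NAME, b"alice"), (ATTR_PROXY_STATE, b"nas1-hop")]
    plain = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, attrs, SECRET, False)
    signed = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, attrs, SECRET, True)
    # Same-length tamper of the Proxy-State value: integrity checks must fail.
    tampered = signed.replace(b"nas1-hop", b"nas1-XXX")
    return {
        "plain_auto": verify_response(plain, REQUEST_AUTH, SECRET, False),
        "plain_yes": verify_response(plain, REQUEST_AUTH, SECRET, True),
        "signed_yes": verify_response(signed, REQUEST_AUTH, SECRET, True),
        "tampered": verify_response(tampered, REQUEST_AUTH, SECRET, True),
        "wrong_secret": verify_response(signed, REQUEST_AUTH, b"other", True),
        "proxy_state_no_ma": request_allowed(attrs, False, True),
        "proxy_state_with_ma": request_allowed(attrs, True, True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The "plain_yes" case is the one the option changes: the same Access-Accept that a client in “auto” mode accepts on the Response Authenticator alone is refused once Message-Authenticator is required, which is why the option can only be switched to “yes” after every client and proxy on the network sends the attribute. In FreeRADIUS 3.2.5 the two options are set in the security section of radiusd.conf and can be overridden per client in clients.conf.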
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or potentially leak sensitive information.
These vulnerabilities included heap- and stack-based buffer overflows,
memory leaks, and improper handling of uninitialized values.
It was discovered that unzip did not properly handle Unicode strings under
certain circumstances. If a user were tricked into opening a specially
crafted zip file, an attacker could possibly use this issue to cause unzip
to crash, resulting in a denial of service, or possibly execute arbitrary
code.
mosquitto-2.0.19-1.fc39
Update to 2.0.19
mosquitto-2.0.19-1.fc40
Update to 2.0.19
mosquitto-2.0.19-1.fc41
Update to 2.0.19
Fix FTBFS (fails to build from source; closes rhbz#2300978)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture (IMA) framework;
(CVE-2024-41009, CVE-2024-26677, CVE-2024-42160, CVE-2024-39494,
CVE-2024-39496, CVE-2024-38570, CVE-2024-27012, CVE-2024-42228)
redis-7.2.6-1.fc39
Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT
Upgrade urgency SECURITY: See security fixes below.
Security fixes
CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE.
CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors.
CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching.
redis-7.2.6-1.fc40
Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT
Upgrade urgency SECURITY: See security fixes below.
Security fixes
CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE.
CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors.
CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching.