Read Time:6 Second
FEDORA-2024-900dc7f6ff
Packages in this update:
runc-1.1.12-1.fc39
Update description:
security fix for CVE-2024-21626
Category Archives: Advisories
USN-6587-4: X.Org X Server regression
Read Time:1 Minute, 22 Second
USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete
resulting in a possible regression. This update fixes the problem.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the curser code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
USN-6620-1: GNU C Library vulnerabilities
Read Time:9 Second
It was discovered that the GNU C Library incorrectly handled the syslog()
function call. A local attacker could use this issue to execute arbitrary
code and possibly escalate privileges.
wordpress-5.1.18-1.el7
Read Time:18 Second
FEDORA-EPEL-2024-3f1f3dcef0
Packages in this update:
wordpress-5.1.18-1.el7
Update description:
WordPress 5.1.18 Security Release
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.fc38
Read Time:20 Second
FEDORA-2024-df1cdcb0de
Packages in this update:
wordpress-6.4.3-1.fc38
Update description:
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.fc39
Read Time:20 Second
FEDORA-2024-2b30739a76
Packages in this update:
wordpress-6.4.3-1.fc39
Update description:
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.el9
Read Time:20 Second
FEDORA-EPEL-2024-7190fecd91
Packages in this update:
wordpress-6.4.3-1.el9
Update description:
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
chromium-121.0.6167.139-1.fc38
Read Time:15 Second
FEDORA-2024-ca36dcc1d3
Packages in this update:
chromium-121.0.6167.139-1.fc38
Update description:
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
chromium-121.0.6167.139-1.fc39
Read Time:15 Second
FEDORA-2024-87e0baecb6
Packages in this update:
chromium-121.0.6167.139-1.fc39
Update description:
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
DSA-5612-1 chromium – security update
Read Time:9 Second
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.