Read Time:9 Second
FEDORA-2024-0f89e13079
Packages in this update:
kernel-6.6.14-100.fc38
Update description:
The 6.6.14 stable kernel update contains a number of important fixes across the tree.
Category Archives: Advisories
clojure-1.8.0-2.el7
Read Time:7 Second
FEDORA-EPEL-2024-54270ec4b3
Packages in this update:
clojure-1.8.0-2.el7
Update description:
Security fix for CVE-2017-20189
DSA-5608-1 gst-plugins-bad1.0 – security update
Read Time:16 Second
A heap-based buffer overflow during tile list parsing was discovered in
the AV1 video codec parser for the GStreamer media framework, which may
result in denial of service or potentially the execution of arbitrary
code if a malformed media file is opened.
selinux-policy-39.4-1.fc39
Read Time:6 Second
FEDORA-2024-334b3be641
Packages in this update:
selinux-policy-39.4-1.fc39
Update description:
New F39 selinux-policy build
chromium-121.0.6167.85-1.el8
Read Time:36 Second
FEDORA-EPEL-2024-93d34f40f0
Packages in this update:
chromium-121.0.6167.85-1.el8
Update description:
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
chromium-121.0.6167.85-1.el9
Read Time:36 Second
FEDORA-EPEL-2024-44533eb648
Packages in this update:
chromium-121.0.6167.85-1.el9
Update description:
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
Buffer overflow in Sane
Read Time:23 Second
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A buffer overflow existed in Sane v.1.2.1 via a crafted config file to the init_options() function.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
sane
[Affected Product Code Base]
sane – 1.2.1
[Reference]
https://gitlab.com/sane-project/backends/-/issues/709
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46052 to this
vulnerability.
null pointer deference in tex-live
Read Time:22 Second
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer deference existed in tex-live v.944e257 via a crafted file to the texk/web2c/pdftexdir/tounicode.c
function.
[VulnerabilityType Other]
null pointer deference
[Vendor of Product]
tex-live
[Affected Product Code Base]
tex-live – 944e257
[Reference]
https://tug.org/pipermail/tex-live/2023-August/049406.html
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned…
null pointer deference in MiniZinc via a crafted Preferences.json file
Read Time:21 Second
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer deference existed in MiniZinc v.2.7.6 via a crafted Preferences.json file.
[VulnerabilityType Other]
null pointer deference
[Vendor of Product]
MiniZinc
[Affected Product Code Base]
MiniZinc – 2.7.6
[Reference]
https://github.com/MiniZinc/libminizinc/issues/729
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46050 to this…
null pointer deference in LLVM
Read Time:22 Second
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer deference existed in LLVM v.15.0.0 via a crafted pdflatex.fmt file.
[VulnerabilityType Other]
null pointer deference
[Vendor of Product]
llvm
[Affected Product Code Base]
llvm – LLVM-15
[Reference]
https://github.com/llvm/llvm-project/issues/67388
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46049 to this
vulnerability.