FEDORA-2024-4ef97ebbfc
Packages in this update:
python-pillow-9.5.0-3.fc38
Update description:
Backport fix for CVE-2023-50447.
Update patch for CVE-2023-44271
kernel-6.6.14-200.fc39
The 6.6.14 stable kernel update contains a number of important fixes across the tree.
kernel-6.6.14-100.fc38
The 6.6.14 stable kernel update contains a number of important fixes across the tree.
clojure-1.8.0-2.el7
Security fix for CVE-2017-20189
A heap-based buffer overflow during tile list parsing was discovered in
the AV1 video codec parser for the GStreamer media framework, which may
result in denial of service or potentially the execution of arbitrary
code if a malformed media file is opened.
selinux-policy-39.4-1.fc39
New F39 selinux-policy build
chromium-121.0.6167.85-1.el8
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
chromium-121.0.6167.85-1.el9
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A buffer overflow existed in Sane v.1.2.1 via a crafted config file to the init_options() function.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
sane
[Affected Product Code Base]
sane – 1.2.1
[Reference]
https://gitlab.com/sane-project/backends/-/issues/709
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46052 to this vulnerability.
Posted by Meng Ruijie on Jan 26
[Vulnerability description]
A null pointer dereference existed in tex-live v.944e257 via a crafted file to the texk/web2c/pdftexdir/tounicode.c function.
[VulnerabilityType Other]
null pointer dereference
[Vendor of Product]
tex-live
[Affected Product Code Base]
tex-live – 944e257
[Reference]
https://tug.org/pipermail/tex-live/2023-August/049406.html
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned…