Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, created manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables support
for the legacy CUPS printer discovery protocol.
Simone Margaritelli discovered that CUPS incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used.
chromium-129.0.6668.70-1.fc41
Update to 129.0.6668.70
High CVE-2024-9120: Use after free in Dawn
High CVE-2024-9121: Inappropriate implementation in V8
High CVE-2024-9122: Type Confusion in V8
High CVE-2024-9123: Integer overflow in Skia
It was discovered that ConfigObj contains regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a regular expression denial of service.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Input Device (Tablet) drivers;
– Modular ISDN driver;
– Multiple devices driver;
– Network drivers;
– Near Field Communication (NFC) drivers;
– SCSI drivers;
– GCT GDM724x LTE driver;
– USB subsystem;
– VFIO drivers;
– GFS2 file system;
– JFS file system;
– NILFS2 file system;
– Networking core;
– IPv4 networking;
– L2TP protocol;
– Netfilter;
– RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022-48863, CVE-2022-48836,
CVE-2022-48838, CVE-2024-26677, CVE-2024-27437, CVE-2022-48857,
CVE-2022-48791, CVE-2021-47181, CVE-2024-26851, CVE-2024-40902,
CVE-2022-48851, CVE-2024-38570)
aws-24.0.0-3.fc41
CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values “1” and “2” had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture(IMA) framework;
(CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496,
CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677)
aws-24.0.0-3.fc42
Automatic update for aws-24.0.0-3.fc42.
* Thu Sep 26 2024 Björn Persson <Bjorn@Rombobjörn.se> – 2:24.0.0-3
– Fixed to use /dev/urandom instead of a non-cryptographic PRNG.
Resolves: CVE-2024-41708 (RHBZ#2314766)
cjson-1.7.18-1.el9
Update to new upstream version (closes rhbz#2237124)
Fix rhbz#2277268, closes rhbz#2277269
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI drivers;
– F2FS file system;
– BPF subsystem;
– IPv4 networking;
(CVE-2024-42160, CVE-2024-42159, CVE-2024-42224, CVE-2024-41009,
CVE-2024-42154, CVE-2024-42228)
