Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture(IMA) framework;
(CVE-2024-27012, CVE-2024-38570, CVE-2024-42228, CVE-2024-41009,
CVE-2024-39494, CVE-2024-42160, CVE-2024-39496, CVE-2024-26677)
Category Archives: Advisories
webkitgtk-2.46.3-1.fc40
FEDORA-2024-4d940908db
Packages in this update:
webkitgtk-2.46.3-1.fc40
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc41
FEDORA-2024-4e0b4ce6ad
Packages in this update:
webkitgtk-2.46.3-1.fc41
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc39
FEDORA-2024-0f8a88da75
Packages in this update:
webkitgtk-2.46.3-1.fc39
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
USN-7086-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
USN-7087-1: libarchive vulnerability
It was discovered that libarchive incorrectly handled certain RAR archive
files. If a user or automated system were tricked into processing a
specially crafted RAR archive, an attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code.
ZDI-24-1451: Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-44284.
ZDI-24-1450: Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44283.
ZDI-24-1449: Apple macOS CoreFoundation Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44282.
ZDI-24-1448: Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-44281.