Read Time:11 Second
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in denial of
service, CLRF injection or information disclosure.
Category Archives: Advisories
USN-7125-1: RapidJSON vulnerability
Read Time:10 Second
It was discovered that RapidJSON incorrectly parsed numbers written in
scientific notation, leading to an integer underflow. An attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code.
USN-7121-3: Linux kernel (Oracle) vulnerabilities
Read Time:1 Minute, 12 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– ATM drivers;
– Device frequency scaling framework;
– GPU drivers;
– Hardware monitoring drivers;
– VMware VMCI Driver;
– Network drivers;
– Device tree and open firmware driver;
– SCSI drivers;
– Greybus lights staging drivers;
– BTRFS file system;
– File systems infrastructure;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– Netfilter;
– Memory management;
– Ethernet bridge;
– IPv6 networking;
– IUCV driver;
– Logical Link layer;
– MAC80211 subsystem;
– NFC subsystem;
– Network traffic control;
– Unix domain sockets;
(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,
CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,
CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,
CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,
CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,
CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,
CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,
CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,
CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,
CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,
CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,
CVE-2024-42309)
firefox-133.0-1.fc41 nss-3.106.0-1.fc41
Read Time:9 Second
FEDORA-2024-b266d38c44
Packages in this update:
firefox-133.0-1.fc41
nss-3.106.0-1.fc41
Update description:
Update NSS to 3.106.0
Update to Firefox 133.0
firefox-133.0-1.fc40 nss-3.106.0-1.fc40
Read Time:9 Second
FEDORA-2024-ea7b2e66a1
Packages in this update:
firefox-133.0-1.fc40
nss-3.106.0-1.fc40
Update description:
Update NSS to 3.106.0
Update to Firefox 133.0
pam-1.6.1-7.fc41
Read Time:7 Second
FEDORA-2024-4d4d946073
Packages in this update:
pam-1.6.1-7.fc41
Update description:
pam_access: rework resolving of tokens as hostname.
USN-7124-1: OpenJDK 23 vulnerabilities
Read Time:33 Second
Andy Boothe discovered that the Networking component of OpenJDK 23 did not
properly handle access under certain circumstances. An unauthenticated
attacker could possibly use this issue to cause a denial of service.
(CVE-2024-21208)
It was discovered that the Hotspot component of OpenJDK 23 did not properly
handle vectorization under certain circumstances. An unauthenticated
attacker could possibly use this issue to access unauthorized resources
and expose sensitive information. (CVE-2024-21210, CVE-2024-21235)
It was discovered that the Serialization component of OpenJDK 23 did not
properly handle deserialization under certain circumstances. An
unauthenticated attacker could possibly use this issue to cause a denial
of service. (CVE-2024-21217)
needrestart-3.8-1.fc39
Read Time:6 Second
FEDORA-2024-6015ee69f0
Packages in this update:
needrestart-3.8-1.fc39
Update description:
Rebase to fix CVEs
needrestart-3.8-1.fc41
Read Time:6 Second
FEDORA-2024-a9cf3dad4f
Packages in this update:
needrestart-3.8-1.fc41
Update description:
Rebase to fix CVEs
needrestart-3.8-1.el8
Read Time:6 Second
FEDORA-EPEL-2024-6447a39121
Packages in this update:
needrestart-3.8-1.el8
Update description:
Rebase to fix CVEs