Category Archives: Advisories

USN-6968-2: PostgreSQL vulnerability

Read Time:18 Second

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16

This update provides the corresponding updates for PostgreSQL-9.5 in
Ubuntu 16.04 LTS.

Original advisory details:

Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.

Read More

USN-7015-2: Python vulnerabilities

Read Time:42 Second

USN-7015-1 fixed several vulnerabilities in Python. This update provides
one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for
python3.5 for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that Python allowed excessive backtracking while
parsing certain tarfile headers. A remote attacker could possibly use
this issue to cause Python to consume resources, leading to a denial
of service. This issue only affected python3.5 for
Ubuntu 16.04 LTS (CVE-2024-6232)

It was discovered that the Python http.cookies module incorrectly
handled parsing cookies that contained backslashes for quoted
characters. A remote attacker could possibly use this issue to cause
Python to consume resources, leading to a denial of service.
(CVE-2024-7592)

Read More

USN-7027-1: Emacs vulnerabilities

Read Time:1 Minute, 23 Second

It was discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-45939)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-48337)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-48338)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-48339)

It was discovered that Emacs incorrectly handled filename sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2023-28617)

It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to crash the program, resulting in
a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-30203,
CVE-2024-30204, CVE-2024-30205)

It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to execute arbitrary commands.
(CVE-2024-39331)

Read More

helix-24.07-2.fc42 rust-cargo-0.79.0-4.fc42 rust-cargo-deny-0.14.24-3.fc42 rust-dua-cli-2.29.2-1.fc42 rust-gix-0.66.0-1.fc42 rust-gix-actor-0.32.0-1.fc42 rust-gix-archive-0.15.0-1.fc42 rust-gix-attributes-0.22.5-1.fc42 rust-gix-command-0.3.9-1.fc42 rust-gix-commitgraph-0.24.3-1.fc42 rust-gix-config-0.40.0-1.fc42 rust-gix-config-value-0.14.8-1.fc42 rust-gix-credentials-0.24.5-1.fc42 rust-gix-date-0.9.0-1.fc42 rust-gix-diff-0.46.0-1.fc42 rust-gix-dir-0.8.0-1.fc42 rust-gix-discover-0.35.0-1.fc42 rust-gix-features-0.38.2-3.fc42 rust-gix-filter-0.13.0-1.fc42 rust-gix-fs-0.11.3-1.fc42 rust-gix-glob-0.16.5-1.fc42 rust-gix-ignore-0.11.4-1.fc42 rust-gix-index-0.35.0-1.fc42 rust-gix-mailmap-0.24.0-1.fc42 rust-gix-negotiate-0.15.0-1.fc42 rust-gix-object-0.44.0-1.fc42 rust-gix-odb-0.63.0-1.fc42 rust-gix-pack-0.53.0-1.fc42 rust-gix-packetline-0.17.6-1.fc42 rust-gix-packetline-blocking-0.17.5-1.fc42 rust-gix-path-0.10.11-1.fc42 rust-gix-pathspec-0.7.7-1.fc42 rust-gix-prompt-0.8.7-1.fc42 rust-gix-protocol-0.45.3-1.fc42 rust-gix-ref-0.47.0-1.fc42 rust-gix-refspec-0.25.0-1.fc42 rust-gix-revision-0.29.0-1.fc42 rust-gix-revwalk-0.15.0-1.fc42 rust-gix-sec-0.10.8-1.fc42 rust-gix-status-0.13.0-1.fc42 rust-gix-submodule-0.14.0-1.fc42 rust-gix-tempfile-14.0.2-1.fc42 rust-gix-trace-0.1.10-1.fc42 rust-gix-transport-0.42.3-1.fc42 rust-gix-traverse-0.41.0-1.fc42 rust-gix-url-0.27.5-1.fc42 rust-gix-validate-0.9.0-1.fc42 rust-gix-worktree-0.36.0-1.fc42 rust-gix-worktree-state-0.13.0-1.fc42 rust-gix-worktree-stream-0.15.0-1.fc42 rust-onefetch-2.21.0-4.fc42 rust-prodash-29.0.0-1.fc42 rust-rustsec-0.29.3-3.fc42 rust-tame-index-0.12.0-3.fc42 rust-vergen-8.3.1-4.fc42 stgit-2.4.12-1.fc42

Read Time:2 Minute, 17 Second

FEDORA-2024-1b3089c689

Packages in this update:

helix-24.07-2.fc42
rust-cargo-0.79.0-4.fc42
rust-cargo-deny-0.14.24-3.fc42
rust-dua-cli-2.29.2-1.fc42
rust-gix-0.66.0-1.fc42
rust-gix-actor-0.32.0-1.fc42
rust-gix-archive-0.15.0-1.fc42
rust-gix-attributes-0.22.5-1.fc42
rust-gix-command-0.3.9-1.fc42
rust-gix-commitgraph-0.24.3-1.fc42
rust-gix-config-0.40.0-1.fc42
rust-gix-config-value-0.14.8-1.fc42
rust-gix-credentials-0.24.5-1.fc42
rust-gix-date-0.9.0-1.fc42
rust-gix-diff-0.46.0-1.fc42
rust-gix-dir-0.8.0-1.fc42
rust-gix-discover-0.35.0-1.fc42
rust-gix-features-0.38.2-3.fc42
rust-gix-filter-0.13.0-1.fc42
rust-gix-fs-0.11.3-1.fc42
rust-gix-glob-0.16.5-1.fc42
rust-gix-ignore-0.11.4-1.fc42
rust-gix-index-0.35.0-1.fc42
rust-gix-mailmap-0.24.0-1.fc42
rust-gix-negotiate-0.15.0-1.fc42
rust-gix-object-0.44.0-1.fc42
rust-gix-odb-0.63.0-1.fc42
rust-gix-pack-0.53.0-1.fc42
rust-gix-packetline-0.17.6-1.fc42
rust-gix-packetline-blocking-0.17.5-1.fc42
rust-gix-path-0.10.11-1.fc42
rust-gix-pathspec-0.7.7-1.fc42
rust-gix-prompt-0.8.7-1.fc42
rust-gix-protocol-0.45.3-1.fc42
rust-gix-ref-0.47.0-1.fc42
rust-gix-refspec-0.25.0-1.fc42
rust-gix-revision-0.29.0-1.fc42
rust-gix-revwalk-0.15.0-1.fc42
rust-gix-sec-0.10.8-1.fc42
rust-gix-status-0.13.0-1.fc42
rust-gix-submodule-0.14.0-1.fc42
rust-gix-tempfile-14.0.2-1.fc42
rust-gix-trace-0.1.10-1.fc42
rust-gix-transport-0.42.3-1.fc42
rust-gix-traverse-0.41.0-1.fc42
rust-gix-url-0.27.5-1.fc42
rust-gix-validate-0.9.0-1.fc42
rust-gix-worktree-0.36.0-1.fc42
rust-gix-worktree-state-0.13.0-1.fc42
rust-gix-worktree-stream-0.15.0-1.fc42
rust-onefetch-2.21.0-4.fc42
rust-prodash-29.0.0-1.fc42
rust-rustsec-0.29.3-3.fc42
rust-tame-index-0.12.0-3.fc42
rust-vergen-8.3.1-4.fc42
stgit-2.4.12-1.fc42

Update description:

Update gix to version 0.66

Read More

webkitgtk-2.46.0-1.fc39

Read Time:25 Second

FEDORA-2024-01501ccce2

Packages in this update:

webkitgtk-2.46.0-1.fc39

Update description:

Use Skia instead of cairo for 2D rendering and enable GPU rendering by default.
Enable offscreen canvas by default.
Add support for system tracing with Sysprof.
Implement printing using the Print portal.
Add new API to load settings from a config file.
Add a new setting to enable or disable the 2D canvas acceleration (enabled by default).
Undeprecate console messages API and make it available in 6.0 API.

Read More

chromium-129.0.6668.58-1.fc41

Read Time:22 Second

FEDORA-2024-b85d941d78

Packages in this update:

chromium-129.0.6668.58-1.fc41

Update description:

update to 129.0.6668.58

High CVE-2024-8904: Type Confusion in V8
Medium CVE-2024-8905: Inappropriate implementation in V8
Medium CVE-2024-8906: Incorrect security UI in Downloads
Medium CVE-2024-8907: Insufficient data validation in Omnibox
Low CVE-2024-8908: Inappropriate implementation in Autofill
Low CVE-2024-8909: Inappropriate implementation in UI

Read More

chromium-129.0.6668.58-1.el8

Read Time:22 Second

FEDORA-EPEL-2024-2cc55c9f93

Packages in this update:

chromium-129.0.6668.58-1.el8

Update description:

update to 129.0.6668.58

High CVE-2024-8904: Type Confusion in V8
Medium CVE-2024-8905: Inappropriate implementation in V8
Medium CVE-2024-8906: Incorrect security UI in Downloads
Medium CVE-2024-8907: Insufficient data validation in Omnibox
Low CVE-2024-8908: Inappropriate implementation in Autofill
Low CVE-2024-8909: Inappropriate implementation in UI

Read More