Category Archives: Advisories

microcode_ctl-2.1-58.2.fc39

Read Time:2 Minute, 24 Second

FEDORA-2024-dca1b54441

Packages in this update:

microcode_ctl-2.1-58.2.fc39

Update description:

Update to upstream 2.1-44. 20240813
Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003605 up to 0x5003707;
Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802 up to 0x7002904;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1 up to 0xd0003e7;
Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290 up to 0x10002b0;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4 up to 0xc6;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision 0xb6 up to 0xb8;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up to 0x38;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up to 0x52;
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode from revision 0xfa up to 0xfc;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up to 0x1a;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xf6 up to 0xf8;
Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xf4 up to 0xf6;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision 0xf6 up to 0xf8;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision 0xfc up to 0x100;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up to 0xfc;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa up to 0xfc;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa up to 0xfc;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa up to 0xfe;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xfa up to 0xfc;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up to 0x62;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c up to 0x1e.
Addresses CVE-2024-24853, CVE-2024-24980, CVE-2024-25939

Read More

apr-1.7.5-1.fc40

Read Time:23 Second

FEDORA-2024-b40491b84b

Packages in this update:

apr-1.7.5-1.fc40

Update description:

This update to the apr package fixes a security issue in the handling of shared memory permissions.

SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
Unexpected lax shared memory permissions (cve.mitre.org)
Lax permissions set by the Apache Portable Runtime library on
Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive
application data.

Read More

apr-1.7.5-1.fc39

Read Time:23 Second

FEDORA-2024-318343049c

Packages in this update:

apr-1.7.5-1.fc39

Update description:

This update to the apr package fixes a security issue in the handling of shared memory permissions.

SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
Unexpected lax shared memory permissions (cve.mitre.org)
Lax permissions set by the Apache Portable Runtime library on
Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive
application data.

Read More

ZDI-24-1187: Progress Software WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability

Read Time:15 Second

This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-6672.

Read More

ZDI-24-1183: Delta Electronics DTN Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8255.

Read More