Iggy Frankovic discovered that Quagga incorrectly handled certain BGP
messages. A remote attacker could possibly use this issue to cause Quagga
to crash, resulting in a denial of service.
USN-7016-1: FRR vulnerability
Iggy Frankovic discovered that FRR incorrectly handled certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service.
USN-7000-2: Expat vulnerabilities
USN-7000-1 fixed vulnerabilities in Expat. This update
provides the corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat did not properly handle the
potential for an integer overflow on 32-bit platforms. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45491, CVE-2024-45492)
USN-7001-2: xmltok library vulnerabilities
USN-7001-1 fixed vulnerabilities in the xmltok library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)
chisel-1.10.0-1.fc39
FEDORA-2024-9b005962f9
Packages in this update:
chisel-1.10.0-1.fc39
Update description:
Update to new upstream version (closes rhbz#2303131)
chisel-1.10.0-1.fc40
FEDORA-2024-5aad2fda6a
Packages in this update:
chisel-1.10.0-1.fc40
Update description:
Update to new upstream version (closes rhbz#2303131)
chisel-1.10.0-1.fc41
FEDORA-2024-6b9aeecbe8
Packages in this update:
chisel-1.10.0-1.fc41
Update description:
Update to new upstream version (closes rhbz#2303131)
chisel-1.10.0-1.fc42
FEDORA-2024-37a2b3fac5
Packages in this update:
chisel-1.10.0-1.fc42
Update description:
Automatic update for chisel-1.10.0-1.fc42.
Changelog
* Tue Sep 17 2024 Fabian Affolter <mail@fabian-affolter.ch> - 1.10.0-1
- Update to new upstream version (closes rhbz#2303131)
- Set version (closes rhbz#2265825)
- Fix CVE-2024-43798 (closes rhbz#2308435, closes rhbz#2308436)
USN-7011-2: ClamAV vulnerabilities
USN-7011-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)
It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)
USN-7010-1: DCMTK vulnerabilities
Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If
a user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690)
Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled
pointers. If a user or an automated system were tricked into opening a
certain specially crafted input file, a remote attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS. (CVE-2022-2121)
It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-43272)
It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2024-28130)
It was discovered that DCMTK incorrectly handled memory when processing an
invalid incoming DIMSE message. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-34508, CVE-2024-34509)