It was discovered that libvpx did not properly handle certain malformed
media files. If an application using libvpx opened a specially crafted
file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code. Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 16.04 LTS were previously addressed in USN-6403-1,
USN-6403-2, and USN-6403-3. This update addresses the issue in Ubuntu 14.04
LTS.
Category Archives: Advisories
USN-7176-1: GStreamer Good Plugins vulnerabilities
Antonio Morales discovered that GStreamer Good Plugins incorrectly handled
certain malformed media files. An attacker could use these issues to cause
GStreamer Good Plugins to crash, resulting in a denial of service, or
possibly execute arbitrary code.
USN-7175-1: GStreamer Base Plugins vulnerabilities
Antonio Morales discovered that GStreamer Base Plugins incorrectly handled
certain malformed media files. An attacker could use these issues to cause
GStreamer Base Plugins to crash, resulting in a denial of service, or
possibly execute arbitrary code.
USN-7174-1: GStreamer vulnerability
Antonio Morales discovered that GStreamer incorrectly handled allocating
memory for certain buffers. An attacker could use this issue to cause
GStreamer to crash, resulting in a denial of service, or possibly execute
arbitrary code.
USN-7171-1: PHPUnit vulnerability
It was discovered that PHPUnit incorrectly handled web requests if exposed
to the internet. An attacker could possibly use this issue to achive remote
code execution or obtain sensitive information.
USN-7168-1: EditorConfig vulnerabilities
It was discovered that EditorConfig improperly managed memory when handling
certain inputs, leading to overflows. An attacker could possibly use these
issues to cause a denial of service, or execute arbitrary code.
dante-1.4.4-1.fc42
FEDORA-2024-e922e33593
Packages in this update:
dante-1.4.4-1.fc42
Update description:
Automatic update for dante-1.4.4-1.fc42.
Changelog
* Wed Dec 18 2024 Tim Semeijn <tim@semeijn.net> – 1.4.4-1
– Update to 1.4.4 (fixes rhbz#2332886, rhbz#2332915, rhbz#2332916,
rhbz#2332917 & rhbz#2332918)
USN-7159-3: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Power management core;
– GPU drivers;
– InfiniBand drivers;
– Network drivers;
– S/390 drivers;
– TTY drivers;
– BTRFS file system;
– EROFS file system;
– F2FS file system;
– File systems infrastructure;
– BPF subsystem;
– Socket messages infrastructure;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– SELinux security module;
(CVE-2022-48938, CVE-2024-42156, CVE-2024-36953, CVE-2024-38538,
CVE-2021-47501, CVE-2024-42068, CVE-2024-26947, CVE-2024-46724,
CVE-2024-36968, CVE-2023-52497, CVE-2024-35951, CVE-2023-52488,
CVE-2024-44940, CVE-2022-48733, CVE-2023-52498, CVE-2022-48943,
CVE-2024-35904, CVE-2024-42077, CVE-2024-36938, CVE-2023-52639,
CVE-2024-42240, CVE-2024-44942, CVE-2021-47076)
USN-7166-2: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– RISC-V architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– Drivers core;
– ATA over ethernet (AOE) driver;
– TPM device driver;
– Clock framework and drivers;
– Buffer Sharing and Synchronization framework;
– EFI core;
– GPIO subsystem;
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Mailbox framework;
– Media drivers;
– Ethernet bonding driver;
– Network drivers;
– Mellanox network drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– STMicroelectronics network drivers;
– NTB driver;
– Virtio pmem driver;
– PCI subsystem;
– x86 platform drivers;
– S/390 drivers;
– SCSI subsystem;
– SPI subsystem;
– Thermal drivers;
– USB Device Class drivers;
– USB Type-C Port Controller Manager driver;
– VFIO drivers;
– Virtio Host (VHOST) subsystem;
– Framebuffer layer;
– 9P distributed file system;
– BTRFS file system;
– Ceph distributed file system;
– File systems infrastructure;
– Ext4 file system;
– F2FS file system;
– GFS2 file system;
– JFS file system;
– Network file system (NFS) client;
– Network file system (NFS) server daemon;
– NILFS2 file system;
– Network file system (NFS) superblock;
– Bluetooth subsystem;
– Network traffic control;
– Network sockets;
– TCP network protocol;
– BPF subsystem;
– Perf events;
– Kernel thread helper (kthread);
– Padata parallel execution mechanism;
– Arbitrary resource management;
– Static call mechanism;
– Tracing infrastructure;
– Memory management;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Netlink;
– SCTP protocol;
– TIPC protocol;
– SELinux security module;
– Simplified Mandatory Access Control Kernel framework;
– AudioScience HPI driver;
– Amlogic Meson SoC drivers;
– USB sound devices;
(CVE-2024-49944, CVE-2024-49907, CVE-2024-50062, CVE-2024-36893,
CVE-2024-49985, CVE-2024-49903, CVE-2024-49886, CVE-2024-50180,
CVE-2024-47757, CVE-2024-49938, CVE-2024-49902, CVE-2024-47709,
CVE-2024-49884, CVE-2024-49967, CVE-2024-49977, CVE-2024-47734,
CVE-2024-49954, CVE-2024-49963, CVE-2024-47747, CVE-2024-50008,
CVE-2024-47696, CVE-2024-50038, CVE-2024-46695, CVE-2024-47705,
CVE-2024-49957, CVE-2024-38538, CVE-2024-50019, CVE-2024-38544,
CVE-2024-50003, CVE-2024-50095, CVE-2024-50000, CVE-2024-49981,
CVE-2024-49863, CVE-2024-47710, CVE-2024-49983, CVE-2024-26947,
CVE-2024-46852, CVE-2024-49871, CVE-2024-49936, CVE-2024-47720,
CVE-2024-49881, CVE-2024-47672, CVE-2024-50040, CVE-2024-49997,
CVE-2024-50044, CVE-2023-52532, CVE-2024-47740, CVE-2024-44942,
CVE-2024-49948, CVE-2023-52621, CVE-2024-49959, CVE-2024-47718,
CVE-2024-50188, CVE-2024-47699, CVE-2024-47756, CVE-2024-47723,
CVE-2024-46849, CVE-2024-50035, CVE-2024-50189, CVE-2024-47684,
CVE-2024-49900, CVE-2024-50024, CVE-2024-49851, CVE-2024-49860,
CVE-2024-49924, CVE-2024-49946, CVE-2024-44940, CVE-2023-52904,
CVE-2024-47679, CVE-2024-47748, CVE-2023-52917, CVE-2024-47735,
CVE-2024-46858, CVE-2024-35904, CVE-2024-47673, CVE-2024-49878,
CVE-2024-47739, CVE-2024-49973, CVE-2024-49935, CVE-2024-49875,
CVE-2024-49896, CVE-2024-47690, CVE-2024-50007, CVE-2024-49933,
CVE-2024-49958, CVE-2024-49913, CVE-2024-49883, CVE-2024-47742,
CVE-2024-41016, CVE-2024-50002, CVE-2024-49969, CVE-2024-46853,
CVE-2024-50031, CVE-2024-47698, CVE-2024-47749, CVE-2024-50059,
CVE-2024-49966, CVE-2024-50093, CVE-2024-27072, CVE-2024-50186,
CVE-2024-49895, CVE-2024-38632, CVE-2024-49995, CVE-2024-38545,
CVE-2024-38667, CVE-2024-36968, CVE-2024-49952, CVE-2024-50001,
CVE-2024-47697, CVE-2024-50045, CVE-2024-49856, CVE-2024-49852,
CVE-2024-47712, CVE-2023-52639, CVE-2024-49975, CVE-2024-42158,
CVE-2024-49962, CVE-2024-50181, CVE-2024-42156, CVE-2024-46855,
CVE-2024-47693, CVE-2024-47670, CVE-2024-47706, CVE-2024-50184,
CVE-2024-49965, CVE-2024-39463, CVE-2024-50191, CVE-2024-49866,
CVE-2024-49890, CVE-2024-49877, CVE-2024-49879, CVE-2024-49927,
CVE-2024-50039, CVE-2024-46859, CVE-2024-47674, CVE-2024-50096,
CVE-2024-50013, CVE-2024-46854, CVE-2024-49868, CVE-2024-49882,
CVE-2024-47671, CVE-2024-50179, CVE-2024-44931, CVE-2024-50046,
CVE-2024-50006, CVE-2024-49892, CVE-2024-49949, CVE-2024-42079,
CVE-2024-46865, CVE-2024-47692, CVE-2024-47713, CVE-2024-47701,
CVE-2024-49889, CVE-2024-49894, CVE-2024-50015, CVE-2024-49858,
CVE-2024-49955, CVE-2024-49867, CVE-2024-35951, CVE-2024-50033,
CVE-2024-49982, CVE-2024-47695, CVE-2024-50049, CVE-2024-49930,
CVE-2024-50041, CVE-2024-47737, CVE-2024-47685)
USN-7173-1: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI subsystem;
– Ext4 file system;
– Bluetooth subsystem;
– Memory management;
– Amateur Radio drivers;
– Network traffic control;
– Sun RPC protocol;
– VMware vSockets driver;
(CVE-2023-52821, CVE-2024-40910, CVE-2024-43892, CVE-2024-49967,
CVE-2024-50264, CVE-2024-36952, CVE-2024-38553, CVE-2021-47101,
CVE-2021-47001, CVE-2024-35965, CVE-2024-35963, CVE-2024-35966,
CVE-2024-35967, CVE-2024-53057, CVE-2024-38597)