FEDORA-2024-4f08c1a90a
Packages in this update:
age-1.2.1-1.fc41
Update description:
Update to 1.2.1 to fix https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c security issue.
age-1.2.1-1.fc41
Update to 1.2.1 to fix https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c security issue.
It was discovered that libvpx did not properly handle certain malformed
media files. If an application using libvpx opened a specially crafted
file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code. Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 16.04 LTS were previously addressed in USN-6403-1,
USN-6403-2, and USN-6403-3. This update addresses the issue in Ubuntu 14.04
LTS.
Antonio Morales discovered that GStreamer Good Plugins incorrectly handled
certain malformed media files. An attacker could use these issues to cause
GStreamer Good Plugins to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Antonio Morales discovered that GStreamer Base Plugins incorrectly handled
certain malformed media files. An attacker could use these issues to cause
GStreamer Base Plugins to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Antonio Morales discovered that GStreamer incorrectly handled allocating
memory for certain buffers. An attacker could use this issue to cause
GStreamer to crash, resulting in a denial of service, or possibly execute
arbitrary code.
It was discovered that PHPUnit incorrectly handled web requests if exposed
to the internet. An attacker could possibly use this issue to achive remote
code execution or obtain sensitive information.
It was discovered that EditorConfig improperly managed memory when handling
certain inputs, leading to overflows. An attacker could possibly use these
issues to cause a denial of service, or execute arbitrary code.
dante-1.4.4-1.fc42
Automatic update for dante-1.4.4-1.fc42.
* Wed Dec 18 2024 Tim Semeijn <tim@semeijn.net> – 1.4.4-1
– Update to 1.4.4 (fixes rhbz#2332886, rhbz#2332915, rhbz#2332916,
rhbz#2332917 & rhbz#2332918)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Power management core;
– GPU drivers;
– InfiniBand drivers;
– Network drivers;
– S/390 drivers;
– TTY drivers;
– BTRFS file system;
– EROFS file system;
– F2FS file system;
– File systems infrastructure;
– BPF subsystem;
– Socket messages infrastructure;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– SELinux security module;
(CVE-2022-48938, CVE-2024-42156, CVE-2024-36953, CVE-2024-38538,
CVE-2021-47501, CVE-2024-42068, CVE-2024-26947, CVE-2024-46724,
CVE-2024-36968, CVE-2023-52497, CVE-2024-35951, CVE-2023-52488,
CVE-2024-44940, CVE-2022-48733, CVE-2023-52498, CVE-2022-48943,
CVE-2024-35904, CVE-2024-42077, CVE-2024-36938, CVE-2023-52639,
CVE-2024-42240, CVE-2024-44942, CVE-2021-47076)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– RISC-V architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– Drivers core;
– ATA over ethernet (AOE) driver;
– TPM device driver;
– Clock framework and drivers;
– Buffer Sharing and Synchronization framework;
– EFI core;
– GPIO subsystem;
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Mailbox framework;
– Media drivers;
– Ethernet bonding driver;
– Network drivers;
– Mellanox network drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– STMicroelectronics network drivers;
– NTB driver;
– Virtio pmem driver;
– PCI subsystem;
– x86 platform drivers;
– S/390 drivers;
– SCSI subsystem;
– SPI subsystem;
– Thermal drivers;
– USB Device Class drivers;
– USB Type-C Port Controller Manager driver;
– VFIO drivers;
– Virtio Host (VHOST) subsystem;
– Framebuffer layer;
– 9P distributed file system;
– BTRFS file system;
– Ceph distributed file system;
– File systems infrastructure;
– Ext4 file system;
– F2FS file system;
– GFS2 file system;
– JFS file system;
– Network file system (NFS) client;
– Network file system (NFS) server daemon;
– NILFS2 file system;
– Network file system (NFS) superblock;
– Bluetooth subsystem;
– Network traffic control;
– Network sockets;
– TCP network protocol;
– BPF subsystem;
– Perf events;
– Kernel thread helper (kthread);
– Padata parallel execution mechanism;
– Arbitrary resource management;
– Static call mechanism;
– Tracing infrastructure;
– Memory management;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Netlink;
– SCTP protocol;
– TIPC protocol;
– SELinux security module;
– Simplified Mandatory Access Control Kernel framework;
– AudioScience HPI driver;
– Amlogic Meson SoC drivers;
– USB sound devices;
(CVE-2024-49944, CVE-2024-49907, CVE-2024-50062, CVE-2024-36893,
CVE-2024-49985, CVE-2024-49903, CVE-2024-49886, CVE-2024-50180,
CVE-2024-47757, CVE-2024-49938, CVE-2024-49902, CVE-2024-47709,
CVE-2024-49884, CVE-2024-49967, CVE-2024-49977, CVE-2024-47734,
CVE-2024-49954, CVE-2024-49963, CVE-2024-47747, CVE-2024-50008,
CVE-2024-47696, CVE-2024-50038, CVE-2024-46695, CVE-2024-47705,
CVE-2024-49957, CVE-2024-38538, CVE-2024-50019, CVE-2024-38544,
CVE-2024-50003, CVE-2024-50095, CVE-2024-50000, CVE-2024-49981,
CVE-2024-49863, CVE-2024-47710, CVE-2024-49983, CVE-2024-26947,
CVE-2024-46852, CVE-2024-49871, CVE-2024-49936, CVE-2024-47720,
CVE-2024-49881, CVE-2024-47672, CVE-2024-50040, CVE-2024-49997,
CVE-2024-50044, CVE-2023-52532, CVE-2024-47740, CVE-2024-44942,
CVE-2024-49948, CVE-2023-52621, CVE-2024-49959, CVE-2024-47718,
CVE-2024-50188, CVE-2024-47699, CVE-2024-47756, CVE-2024-47723,
CVE-2024-46849, CVE-2024-50035, CVE-2024-50189, CVE-2024-47684,
CVE-2024-49900, CVE-2024-50024, CVE-2024-49851, CVE-2024-49860,
CVE-2024-49924, CVE-2024-49946, CVE-2024-44940, CVE-2023-52904,
CVE-2024-47679, CVE-2024-47748, CVE-2023-52917, CVE-2024-47735,
CVE-2024-46858, CVE-2024-35904, CVE-2024-47673, CVE-2024-49878,
CVE-2024-47739, CVE-2024-49973, CVE-2024-49935, CVE-2024-49875,
CVE-2024-49896, CVE-2024-47690, CVE-2024-50007, CVE-2024-49933,
CVE-2024-49958, CVE-2024-49913, CVE-2024-49883, CVE-2024-47742,
CVE-2024-41016, CVE-2024-50002, CVE-2024-49969, CVE-2024-46853,
CVE-2024-50031, CVE-2024-47698, CVE-2024-47749, CVE-2024-50059,
CVE-2024-49966, CVE-2024-50093, CVE-2024-27072, CVE-2024-50186,
CVE-2024-49895, CVE-2024-38632, CVE-2024-49995, CVE-2024-38545,
CVE-2024-38667, CVE-2024-36968, CVE-2024-49952, CVE-2024-50001,
CVE-2024-47697, CVE-2024-50045, CVE-2024-49856, CVE-2024-49852,
CVE-2024-47712, CVE-2023-52639, CVE-2024-49975, CVE-2024-42158,
CVE-2024-49962, CVE-2024-50181, CVE-2024-42156, CVE-2024-46855,
CVE-2024-47693, CVE-2024-47670, CVE-2024-47706, CVE-2024-50184,
CVE-2024-49965, CVE-2024-39463, CVE-2024-50191, CVE-2024-49866,
CVE-2024-49890, CVE-2024-49877, CVE-2024-49879, CVE-2024-49927,
CVE-2024-50039, CVE-2024-46859, CVE-2024-47674, CVE-2024-50096,
CVE-2024-50013, CVE-2024-46854, CVE-2024-49868, CVE-2024-49882,
CVE-2024-47671, CVE-2024-50179, CVE-2024-44931, CVE-2024-50046,
CVE-2024-50006, CVE-2024-49892, CVE-2024-49949, CVE-2024-42079,
CVE-2024-46865, CVE-2024-47692, CVE-2024-47713, CVE-2024-47701,
CVE-2024-49889, CVE-2024-49894, CVE-2024-50015, CVE-2024-49858,
CVE-2024-49955, CVE-2024-49867, CVE-2024-35951, CVE-2024-50033,
CVE-2024-49982, CVE-2024-47695, CVE-2024-50049, CVE-2024-49930,
CVE-2024-50041, CVE-2024-47737, CVE-2024-47685)