python3.6-3.6.15-35.fc42
Automatic update for python3.6-3.6.15-35.fc42.
* Fri Aug 16 2024 Tomáš Hrnčiar <thrnciar@redhat.com> – 3.6.15-35
– Security fix for CVE-2024-6923 (rhbz#2303161)
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-7518,
CVE-2024-7521, CVE-2024-7524, CVE-2024-7526, CVE-2024-7527, CVE-2024-7528,
CVE-2024-7529, CVE-2024-7530, CVE-2024-7531)
It was discovered that Firefox did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Nan Wang discovered that Firefox did not properly handle type check in
WebAssembly. An attacker could potentially exploit this issue to execute
arbitrary code. (CVE-2024-7520)
Irvan Kurniawan discovered that Firefox did not properly check an attribute
value in the editor component, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-7522)
Rob Wu discovered that Firefox did not properly check permissions when
creating a StreamFilter. An attacker could possibly use this issue to
modify response body of requests on any site using a web extension.
(CVE-2024-7525)
It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-25126)
It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create
large responses, leading to a denial of service. (CVE-2024-26141)
It was discovered that Rack incorrectly handled certain crafted headers. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-26146)
Joshua Rogers that incorrect parsing of ESI variables in the Squid proxy
caching server could result in memory corruption.
dotnet8.0-8.0.108-1.fc39
This is the August 2024 monthly update for .NET 8. This includes a fix for CVE-2024-38167
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.8.md
dotnet8.0-8.0.108-1.fc40
This is the August 2024 monthly update for .NET 8. This includes a fix for CVE-2024-38167
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.8.md
webkit2gtk4.0-2.44.3-2.fc40
Update to 2.44.3
restic-0.17.0-1.fc41
Automatic update for restic-0.17.0-1.fc41.
* Sun Aug 18 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 0.17.0-1
– Update to 0.17.0 – Closes rhbz#2258380 rhbz#2292718 rhbz#2255107
restic-0.17.0-1.fc42
Automatic update for restic-0.17.0-1.fc42.
* Sun Aug 18 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 0.17.0-1
– Update to 0.17.0 – Closes rhbz#2258380 rhbz#2292718 rhbz#2255107
Posted by Andrey Stoykov on Aug 17
# Exploit Title: Authenticated Code Injection – smfv2.1.4
# Date: 8/2024
# Exploit Author: Andrey Stoykov
# Version: 2.1.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html
Code Injection Authenticated:
Steps to Reproduce:
1. Login as admin
2. Browse to “Current Theme”
3. Click on “Modify Themes” > “SMF Default Theme”
4. Click on…
