Posted by Martin Heiland via Fulldisclosure on Sep 09

Dear subscribers,

We’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0005.html.

Yours sincerely,
Martin Heiland, Open-Xchange…

Read More

FEDORA-2024-acb9425c93

Packages in this update:

bluez-5.78-1.fc41
iwd-2.21-1.fc41
libell-0.69-1.fc41

Update description:

libell 0.69:

Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.

iwd 2.21:

Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.

bluez 5.78:

Fix issue with handling notification of scanned BISes to BASS
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.

Read More

FEDORA-2024-223428e702

Packages in this update:

bluez-5.78-1.fc40
iwd-2.21-1.fc40
libell-0.69-1.fc40

Update description:

libell 0.69:

Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.

iwd 2.21:

Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.

bluez 5.78:

Fix issue with handling notification of scanned BISes to BASS
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.

Read More

FEDORA-2024-3dbf10c949

Packages in this update:

linux-firmware-20240909-1.fc39

Update description:

Update to upstream 20240909:

i915: Update MTL DMC v2.23
cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops
amdgpu: Revert sienna cichlid dmcub firmware update
iwlwifi: add Bz FW for core89-58 release
rtl_nic: add firmware rtl8126a-3
update MT7921 WiFi/bluetooth device firmware
amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
amdgpu: DMCUB updates forvarious AMDGPU ASICs
rtw89: 8922a: add fw format-1 v0.35.41.0
update MT7925 WiFi/bluetooth device firmware
rtl_bt: Add firmware and config files for RTL8922A
rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
rtl_bt: de-dupe identical config.bin files
rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
Update AMD SEV firmware
update firmware for MT7996
Revert “i915: Update MTL DMC v2.22”
ath12k: WCN7850 hw2.0: update board-2.bin
ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
ath11k: WCN6855 hw2.0: update board-2.bin
ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
ath11k: QCA2066 hw2.1: add board-2.bin
ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
qcom: vpu: add video firmware for sa8775p
amdgpu: DMCUB updates for various AMDGPU ASICs

Read More

FEDORA-2024-f32e633786

Packages in this update:

linux-firmware-20240909-1.fc40

Update description:

Update to upstream 20240909:

i915: Update MTL DMC v2.23
cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops
amdgpu: Revert sienna cichlid dmcub firmware update
iwlwifi: add Bz FW for core89-58 release
rtl_nic: add firmware rtl8126a-3
update MT7921 WiFi/bluetooth device firmware
amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
amdgpu: DMCUB updates forvarious AMDGPU ASICs
rtw89: 8922a: add fw format-1 v0.35.41.0
update MT7925 WiFi/bluetooth device firmware
rtl_bt: Add firmware and config files for RTL8922A
rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
rtl_bt: de-dupe identical config.bin files
rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
Update AMD SEV firmware
update firmware for MT7996
Revert “i915: Update MTL DMC v2.22”
ath12k: WCN7850 hw2.0: update board-2.bin
ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
ath11k: WCN6855 hw2.0: update board-2.bin
ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
ath11k: QCA2066 hw2.1: add board-2.bin
ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
qcom: vpu: add video firmware for sa8775p
amdgpu: DMCUB updates for various AMDGPU ASICs

Read More

FEDORA-2024-3cd42e9e29

Packages in this update:

linux-firmware-20240909-1.fc41

Update description:

Update to upstream 20240909:

i915: Update MTL DMC v2.23
cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops
amdgpu: Revert sienna cichlid dmcub firmware update
iwlwifi: add Bz FW for core89-58 release
rtl_nic: add firmware rtl8126a-3
update MT7921 WiFi/bluetooth device firmware
amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
amdgpu: DMCUB updates forvarious AMDGPU ASICs
rtw89: 8922a: add fw format-1 v0.35.41.0
update MT7925 WiFi/bluetooth device firmware
rtl_bt: Add firmware and config files for RTL8922A
rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
rtl_bt: de-dupe identical config.bin files
rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
Update AMD SEV firmware
update firmware for MT7996
Revert “i915: Update MTL DMC v2.22”
ath12k: WCN7850 hw2.0: update board-2.bin
ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
ath11k: WCN6855 hw2.0: update board-2.bin
ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
ath11k: QCA2066 hw2.1: add board-2.bin
ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
qcom: vpu: add video firmware for sa8775p
amdgpu: DMCUB updates for various AMDGPU ASICs

Read More

FEDORA-2024-55a5adeec4

Packages in this update:

firefox-130.0-5.fc41

Update description:

PipeWire camera support: backport set of upstream patches

New upstream update (130.0)

Read More

It was discovered that LibTIFF incorrectly handled memory. An attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service.

Read More

USN-6841-1 fixed a vulnerability in PHP. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that PHP could early return in the filter_var function
resulting in invalid user information being treated as valid user
information. An attacker could possibly use this issue to expose raw
user input information.

Read More

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More