FEDORA-2023-0070b20b20
Packages in this update:
cpp-httplib-0.12.5-1.fc38
Update description:
Update to https://github.com/yhirose/cpp-httplib/releases/tag/v0.12.5
Posted by Julien Ahrens (RCE Security) on Jun 02
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: FC Red Bull Salzburg App
Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull
Type: Improper Authorization in Handler for Custom URL Scheme [CWE-939]
Date found: 2023-04-06
Date published: 2023-06-01
CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2023-29459…
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu
Linux kernel contained a race condition when handling inode locking in some
situations. A local attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2023-2612)
sympa-6.2.72-2.el8
Update to sympa 6.2.72
Fixes CVE-2021-32850
For details, see:
https://github.com/sympa-community/sympa/releases/tag/6.2.72
sympa-6.2.72-2.el9
Update to sympa 6.2.72
Fixes CVE-2021-32850
For details, see:
https://github.com/sympa-community/sympa/releases/tag/6.2.72
sympa-6.2.72-2.el7
Update to sympa 6.2.72
Fixes CVE-2021-32850
For details, see:
https://github.com/sympa-community/sympa/releases/tag/6.2.72
sympa-6.2.72-2.fc38
Update to sympa 6.2.72
Fixes CVE-2021-32850
For details, see:
https://github.com/sympa-community/sympa/releases/tag/6.2.72
sympa-6.2.72-2.fc37
Update to sympa 6.2.72
Fixes CVE-2021-32850
For details, see:
https://github.com/sympa-community/sympa/releases/tag/6.2.72
A vulnerability has been discovered in Progress MOVEit Transfer, which could allow for potential unauthorized access to the environment, escalated privileges, and remote code execution. MOVEit Transfer is a managed file transfer software that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
matrix-synapse-1.63.1-3.fc37
Security fix for CVE-2022-39335