Category Archives: Advisories

linux-firmware-20240909-1.fc41

Read Time:1 Minute, 13 Second

FEDORA-2024-3cd42e9e29

Packages in this update:

linux-firmware-20240909-1.fc41

Update description:

Update to upstream 20240909:

i915: Update MTL DMC v2.23
cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops
amdgpu: Revert sienna cichlid dmcub firmware update
iwlwifi: add Bz FW for core89-58 release
rtl_nic: add firmware rtl8126a-3
update MT7921 WiFi/bluetooth device firmware
amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
amdgpu: DMCUB updates forvarious AMDGPU ASICs
rtw89: 8922a: add fw format-1 v0.35.41.0
update MT7925 WiFi/bluetooth device firmware
rtl_bt: Add firmware and config files for RTL8922A
rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
rtl_bt: de-dupe identical config.bin files
rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
Update AMD SEV firmware
update firmware for MT7996
Revert “i915: Update MTL DMC v2.22”
ath12k: WCN7850 hw2.0: update board-2.bin
ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
ath11k: WCN6855 hw2.0: update board-2.bin
ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
ath11k: QCA2066 hw2.1: add board-2.bin
ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
qcom: vpu: add video firmware for sa8775p
amdgpu: DMCUB updates for various AMDGPU ASICs

Read More

USN-6841-2: PHP vulnerability

Read Time:19 Second

USN-6841-1 fixed a vulnerability in PHP. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that PHP could early return in the filter_var function
resulting in invalid user information being treated as valid user
information. An attacker could possibly use this issue to expose raw
user input information.

Read More

USN-6996-1: WebKitGTK vulnerabilities

Read Time:15 Second

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More

ZDI-24-1196: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-45107.

Read More

USN-6995-1: Thunderbird vulnerabilities

Read Time:1 Minute, 13 Second

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-7521, CVE-2024-7526,
CVE-2024-7527, CVE-2024-7529, CVE-2024-8382)

It was discovered that Thunderbird did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)

Irvan Kurniawan discovered that Thunderbird did not properly check an
attribute value in the editor component, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-7522)

Rob Wu discovered that Thunderbird did not properly check permissions when
creating a StreamFilter. An attacker could possibly use this issue to
modify response body of requests on any site using a web extension.
(CVE-2024-7525)

Nils Bars discovered that Thunderbird contained a type confusion
vulnerability when performing certain property name lookups. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-8381)

It was discovered that Thunderbird did not properly manage memory during
garbage collection. An attacker could potentially exploit this issue to
cause a denial of service, or execute arbitrary code. (CVE-2024-8384)

Read More