FEDORA-2023-123647648e
Packages in this update:
openssh-9.0p1-15.fc38
Update description:
Avoid possible self-DoS attack
Resolves: CVE-2023-25136
openssh-9.0p1-15.fc38
Avoid possible self-DoS attack
Resolves: CVE-2023-25136
ceph-16.2.12-1.fc36
ceph 16.2.12 GA
Security fix for CVE-2022-3650
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability in some situations. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-4382)
It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)
thunderbird-102.10.0-1.fc36
Update to 102.10.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/ ;
https://www.thunderbird.net/en-US/thunderbird/102.10.0/releasenotes/
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability.