This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8595.
DSA-5801-1 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, cross-site scripting, spoofing or information disclosure.
thunderbird-115.16.1-1.fc39
FEDORA-2024-ad738c922d
Packages in this update:
thunderbird-115.16.1-1.fc39
Update description:
Update to 115.16.1
https://www.thunderbird.net/en-US/thunderbird/115.16.1esr/releasenotes/
krb5-1.21.3-3.fc41
FEDORA-2024-c0961d31b8
Packages in this update:
krb5-1.21.3-3.fc41
Update description:
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
krb5-1.21.3-2.fc40
FEDORA-2024-29a74ac2b0
Packages in this update:
krb5-1.21.3-2.fc40
Update description:
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
krb5-1.21.3-2.fc39
FEDORA-2024-862f5c4156
Packages in this update:
krb5-1.21.3-2.fc39
Update description:
Security:
CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code
Enhancement:
Rework of TCP request timeout (disabled by default, global timeout setting added)
USN-7085-2: X.Org X Server vulnerability
USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.
USN-7084-2: pip vulnerability
USN-7084-1 fixed a vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn’t strip the HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.
yasm-1.3.0^20230922git9defefa-2.el9
FEDORA-EPEL-2024-c20a11cabc
Packages in this update:
yasm-1.3.0^20230922git9defefa-2.el9
Update description:
Update to the latest upstream commit, which fixes CVE-2021-31975 and CVE-2021-33454. The internal test suite was also enabled as part of the build.
thunderbird-128.4.0-1.fc41
FEDORA-2024-2b2993a69d
Packages in this update:
thunderbird-128.4.0-1.fc41
Update description:
Update to 128.4.0
https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/