Category Archives: Advisories

krb5-1.21.3-3.fc41

Read Time:18 Second

FEDORA-2024-c0961d31b8

Packages in this update:

krb5-1.21.3-3.fc41

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

Read More

krb5-1.21.3-2.fc40

Read Time:18 Second

FEDORA-2024-29a74ac2b0

Packages in this update:

krb5-1.21.3-2.fc40

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

Read More

krb5-1.21.3-2.fc39

Read Time:18 Second

FEDORA-2024-862f5c4156

Packages in this update:

krb5-1.21.3-2.fc39

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

Read More

USN-7085-2: X.Org X Server vulnerability

Read Time:22 Second

USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.

Read More

USN-7084-2: pip vulnerability

Read Time:15 Second

USN-7084-1 fixed vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.

Original advisory details:

It was discovered that urllib3 didn’t strip HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.

Read More