FEDORA-2024-f831fe4030

Packages in this update:

apr-1.7.5-1.fc41

Update description:

Update APR to version 1.7.5.

Read More

This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-6672.

Read More

This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6671.

Read More

This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6670.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WS_FTP. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-7744.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8255.

Read More

Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.

https://security-tracker.debian.org/tracker/DSA-5760-1

Read More

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

https://security-tracker.debian.org/tracker/DSA-5761-1

Read More

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
Kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– User-Mode Linux (UML);
– GPU drivers;
– MMC subsystem;
– Network drivers;
– PHY drivers;
– Pin controllers subsystem;
– Xen hypervisor drivers;
– GFS2 file system;
– Core kernel;
– Bluetooth subsystem;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
– ALSA SH drivers;
(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,
CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,
CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,
CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)

Read More

FEDORA-2024-f28bec9f9c

Packages in this update:

python3.13-3.13.0~rc1-3.fc41

Update description:

Security fix for CVE-2024-8088

Read More