Multiple security issues were discovered in Python, a high-level,
interactive, object-oriented language:

CVE-2024-0397

A race condition in the ssl module was found when accessing
CA certificates.

CVE-2024-4032

The ipaddress module contained incorrect information whether
some ipv4 and ipv6 address ranges are designated as globally
reachable or private.

CVE-2024-8088

Incorrect handling of path names in the zipfile module could
result in an infinite loop when processing a zip archive
(resulting in denial of service)

https://security-tracker.debian.org/tracker/DSA-5759-1

Read More

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– MMC subsystem;
– Network drivers;
– SCSI drivers;
– GFS2 file system;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)

Read More

FEDORA-2024-926631fe97

Packages in this update:

mingw-python3-3.11.9-1.fc40

Update description:

Update to python-3.11.9. Backport fix for CVE-2024-6923.

Read More

FEDORA-2024-f3851065c0

Packages in this update:

mingw-python3-3.11.9-1.fc39

Update description:

Update to python-3.11.9. Backport fix for CVE-2024-6923.

Read More

Several vulnerabilities were discovered in Apache Traffic Server,
a reverse and forward proxy server, which could result in denial
of service or request smuggling.

https://security-tracker.debian.org/tracker/DSA-5758-1

Read More

FEDORA-2024-a455bea9ca

Packages in this update:

calibre-7.17.0-3.fc40

Update description:

Fix fonts for < f41 releases.

Upgrade to latest upstream release to fix 4 CVE’s and enable new hardware

Read More

Posted by Jeffrey Walton on Aug 24

There’s no difference between sending the password or Hash(password)
at the client. It is similar to (but weaker than) HTTP digest
authentication.

There’s nothing to see here.

Jeff

Read More

Posted by David Brown via Fulldisclosure on Aug 24

Title
=====

SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2024-42040

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2024-004/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt

Affected products/vendor
========================

Das U-Boot, https://docs.u-boot.org

Summary
=======

Das U-Boot (U-Boot) is a…

Read More

FEDORA-2024-6f1ed8b501

Packages in this update:

calibre-7.17.0-2.fc40

Update description:

Upgrade to latest upstream release to fix 4 CVE’s and enable new hardware

Read More

Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk (WHD), the most severe of which could allow for remote code execution. Web Help Desk (WHD) is a SolarWinds IT help desk solution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.

Read More