This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5.
Category Archives: Advisories
DSA-5759-1 python3.11 – security update
Multiple security issues were discovered in Python, a high-level,
interactive, object-oriented language:
CVE-2024-0397
A race condition in the ssl module was found when accessing
CA certificates.
CVE-2024-4032
The ipaddress module contained incorrect information about whether
some IPv4 and IPv6 address ranges are designated as globally
reachable or private.
CVE-2024-8088
Incorrect handling of path names in the zipfile module could
result in an infinite loop when processing a zip archive
(resulting in denial of service).
USN-6973-3: Linux kernel (AWS) vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– MMC subsystem;
– Network drivers;
– SCSI drivers;
– GFS2 file system;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
mingw-python3-3.11.9-1.fc40
FEDORA-2024-926631fe97
Packages in this update:
mingw-python3-3.11.9-1.fc40
Update description:
Update to python-3.11.9. Backport fix for CVE-2024-6923.
mingw-python3-3.11.9-1.fc39
FEDORA-2024-f3851065c0
Packages in this update:
mingw-python3-3.11.9-1.fc39
Update description:
Update to python-3.11.9. Backport fix for CVE-2024-6923.
DSA-5758-1 trafficserver – security update
Several vulnerabilities were discovered in Apache Traffic Server,
a reverse and forward proxy server, which could result in denial
of service or request smuggling.
calibre-7.17.0-3.fc40
FEDORA-2024-a455bea9ca
Packages in this update:
calibre-7.17.0-3.fc40
Update description:
Fix fonts for < f41 releases.
Upgrade to latest upstream release to fix 4 CVEs and enable new hardware
Re: [SYSS-2024-038] DiCal-RED – Use of Password Hash Instead of Password for Authentication
Posted by Jeffrey Walton on Aug 24
There’s no difference between sending the password or Hash(password)
at the client. It is similar to (but weaker than) HTTP digest
authentication.
There’s nothing to see here.
Jeff
SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP
Posted by David Brown via Fulldisclosure on Aug 24
Title
=====
SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP
Status
======
PUBLISHED
Version
=======
1.0
CVE reference
=============
CVE-2024-42040
Link
====
https://www.schutzwerk.com/advisories/schutzwerk-sa-2024-004/
Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
Affected products/vendor
========================
Das U-Boot, https://docs.u-boot.org
Summary
=======
Das U-Boot (U-Boot) is a…
calibre-7.17.0-2.fc40
FEDORA-2024-6f1ed8b501
Packages in this update:
calibre-7.17.0-2.fc40
Update description:
Upgrade to latest upstream release to fix 4 CVEs and enable new hardware