FEDORA-2024-926631fe97
Packages in this update:
mingw-python3-3.11.9-1.fc40
Update description:
Update to python-3.11.9. Backport fix for CVE-2024-6923.
mingw-python3-3.11.9-1.fc39
Update to python-3.11.9. Backport fix for CVE-2024-6923.
Several vulnerabilities were discovered in Apache Traffic Server,
a reverse and forward proxy server, which could result in denial
of service or request smuggling.
calibre-7.17.0-3.fc40
Fix fonts for < f41 releases.
Upgrade to latest upstream release to fix 4 CVEs and enable new hardware
Posted by Jeffrey Walton on Aug 24
There’s no difference between sending the password or Hash(password)
at the client. It is similar to (but weaker than) HTTP digest
authentication.
There’s nothing to see here.
Jeff
Posted by David Brown via Fulldisclosure on Aug 24
Title
=====
SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP
Status
======
PUBLISHED
Version
=======
1.0
CVE reference
=============
CVE-2024-42040
Link
====
https://www.schutzwerk.com/advisories/schutzwerk-sa-2024-004/
Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
Affected products/vendor
========================
Das U-Boot, https://docs.u-boot.org
Summary
=======
Das U-Boot (U-Boot) is a…
calibre-7.17.0-2.fc40
Upgrade to latest upstream release to fix 4 CVEs and enable new hardware
Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk (WHD), the most severe of which could allow for remote code execution. Web Help Desk (WHD) is a SolarWinds IT help desk solution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– User-Mode Linux (UML);
– MMC subsystem;
– Network drivers;
– GFS2 file system;
– IPv4 networking;
– IPv6 networking;
(CVE-2024-26921, CVE-2023-52629, CVE-2024-26680, CVE-2024-26830,
CVE-2024-39484, CVE-2024-39292, CVE-2024-36901, CVE-2023-52760)
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
Kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– User-Mode Linux (UML);
– GPU drivers;
– MMC subsystem;
– Network drivers;
– PHY drivers;
– Pin controllers subsystem;
– Xen hypervisor drivers;
– GFS2 file system;
– Core kernel;
– Bluetooth subsystem;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
– ALSA SH drivers;
(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,
CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,
CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,
CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)