52 minutes 56 seconds ago
FEDORA-2024-113454b56b
Packages in this update:
Update description:
52 minutes 56 seconds ago
FEDORA-2024-cd3a64f43b
Packages in this update:
Update description:
52 minutes 58 seconds ago
FEDORA-2024-7e71e9eaba
Packages in this update:
Update description:
1 hour 29 minutes ago
FEDORA-EPEL-2024-879bfd3d5b
Packages in this update:
- chromium-122.0.6261.128-1.el9
Update description:
upstream security release 122.0.6261.128
- High CVE-2024-2400: Use after free in Performance Manager
1 hour 29 minutes ago
FEDORA-EPEL-2024-f653e0bbf9
Packages in this update:
- chromium-122.0.6261.128-1.el8
Update description:
upstream security release 122.0.6261.128
- High CVE-2024-2400: Use after free in Performance Manager
1 hour 29 minutes ago
FEDORA-EPEL-2024-6e2c9aa156
Packages in this update:
- chromium-122.0.6261.128-1.el7
Update description:
upstream security release 122.0.6261.128
- High CVE-2024-2400: Use after free in Performance Manager
7 hours 56 minutes ago
Version:next-20240319 (linux-next)
Released:2024-03-19
9 hours 46 minutes ago
It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation
in the Linux kernel contained a race condition when releasing PPPoL2TP
sockets in certain conditions, leading to a use-after-free vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20567)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)
Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
10 hours ago
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)
It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)
Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)
It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)
Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
10 hours 33 minutes ago
FEDORA-EPEL-2024-5253d48b14
Packages in this update:
- w3m-0.5.3-63.git20230121.el7
Update description:
- Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
10 hours 33 minutes ago
FEDORA-EPEL-2024-0398ebbbfa
Packages in this update:
- w3m-0.5.3-63.git20230121.el9
Update description:
- Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
10 hours 33 minutes ago
FEDORA-EPEL-2024-bf31852fe0
Packages in this update:
- w3m-0.5.3-63.git20230121.el8
Update description:
- Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
10 hours 35 minutes ago
FEDORA-2024-aeb75f8b5b
Packages in this update:
- w3m-0.5.3-63.git20230121.fc40
Update description:
- Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
10 hours 35 minutes ago
FEDORA-2024-38c2261ca0
Packages in this update:
- w3m-0.5.3-63.git20230121.fc38
Update description:
- Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
10 hours 35 minutes ago
FEDORA-2024-3fc66f8bf3
Packages in this update:
- w3m-0.5.3-63.git20230121.fc39
Update description:
- Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
10 hours 36 minutes ago
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
13 hours 8 minutes ago
FEDORA-2024-5f94556a31
Packages in this update:
- libreoffice-24.2.1.2-5.fc40
Update description:
Patch for kf6/Qt6 scaling
Updated conditionals for kf* subpackages
24.2.1.2, include kf6.
16 hours 55 minutes ago
Zhen Zhou discovered that Vim did not properly manage memory. An
attacker could possibly use this issue to cause a denial of service
18 hours 7 minutes ago
FEDORA-2024-ed884c3203
Packages in this update:
- postgresql-jdbc-42.7.3-1.fc40
Update description:
This rebase fixes CVE-2024-1597.
20 hours 43 minutes ago
It was discovered that Bash incorrectly handled certain memory operations
when processing commands. If a user or automated system were tricked into
running a specially crafted bash file, a remote attacker could use this
issue to cause Bash to crash, resulting in a denial of service, or possibly
execute arbitrary code.