Aggregator

chromium-122.0.6261.128-1.el9

1 hour 29 minutes ago
FEDORA-EPEL-2024-879bfd3d5b Packages in this update:
  • chromium-122.0.6261.128-1.el9
Update description:

upstream security release 122.0.6261.128

  • High CVE-2024-2400: Use after free in Performance Manager

chromium-122.0.6261.128-1.el8

1 hour 29 minutes ago
FEDORA-EPEL-2024-f653e0bbf9 Packages in this update:
  • chromium-122.0.6261.128-1.el8
Update description:

upstream security release 122.0.6261.128

  • High CVE-2024-2400: Use after free in Performance Manager

chromium-122.0.6261.128-1.el7

1 hour 29 minutes ago
FEDORA-EPEL-2024-6e2c9aa156 Packages in this update:
  • chromium-122.0.6261.128-1.el7
Update description:

upstream security release 122.0.6261.128

  • High CVE-2024-2400: Use after free in Performance Manager

USN-6700-1: Linux kernel vulnerabilities

9 hours 46 minutes ago
It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20567) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)

USN-6701-1: Linux kernel vulnerabilities

10 hours ago
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel did not properly handle connect command payloads in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information (kernel memory). (CVE-2023-6121) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)

w3m-0.5.3-63.git20230121.el7

10 hours 33 minutes ago
FEDORA-EPEL-2024-5253d48b14 Packages in this update:
  • w3m-0.5.3-63.git20230121.el7
Update description:
  • Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

w3m-0.5.3-63.git20230121.el9

10 hours 33 minutes ago
FEDORA-EPEL-2024-0398ebbbfa Packages in this update:
  • w3m-0.5.3-63.git20230121.el9
Update description:
  • Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

w3m-0.5.3-63.git20230121.el8

10 hours 33 minutes ago
FEDORA-EPEL-2024-bf31852fe0 Packages in this update:
  • w3m-0.5.3-63.git20230121.el8
Update description:
  • Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

w3m-0.5.3-63.git20230121.fc40

10 hours 35 minutes ago
FEDORA-2024-aeb75f8b5b Packages in this update:
  • w3m-0.5.3-63.git20230121.fc40
Update description:
  • Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

w3m-0.5.3-63.git20230121.fc38

10 hours 35 minutes ago
FEDORA-2024-38c2261ca0 Packages in this update:
  • w3m-0.5.3-63.git20230121.fc38
Update description:
  • Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

w3m-0.5.3-63.git20230121.fc39

10 hours 35 minutes ago
FEDORA-2024-3fc66f8bf3 Packages in this update:
  • w3m-0.5.3-63.git20230121.fc39
Update description:
  • Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

USN-6699-1: Linux kernel vulnerabilities

10 hours 36 minutes ago
Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel did not properly handle network packets in certain conditions, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4921) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)

libreoffice-24.2.1.2-5.fc40

13 hours 8 minutes ago
FEDORA-2024-5f94556a31 Packages in this update:
  • libreoffice-24.2.1.2-5.fc40
Update description:

Patch for kf6/Qt6 scaling

Updated conditionals for kf* subpackages

24.2.1.2, include kf6.

USN-6697-1: Bash vulnerability

20 hours 43 minutes ago
It was discovered that Bash incorrectly handled certain memory operations when processing commands. If a user or automated system were tricked into running a specially crafted bash file, a remote attacker could use this issue to cause Bash to crash, resulting in a denial of service, or possibly execute arbitrary code.