2 hours ago
FEDORA-2024-6ec4e78241
Packages in this update:
- python-reportlab-4.2.0-1.fc39
Update description:
2 hours ago
FEDORA-2024-dc844d0669
Packages in this update:
- python-reportlab-4.2.0-1.fc40
Update description:
2 hours 3 minutes ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
2 hours 15 minutes ago
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
2 hours 24 minutes ago
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52603, CVE-2023-52600, CVE-2024-26581, CVE-2024-26589)
2 hours 34 minutes ago
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
It was discovered that the virtio network implementation in the Linux
kernel did not properly handle file references in the host, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-1838)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
shanzhulig discovered that the DRM subsystem in the Linux kernel contained
a race condition when performing certain operations while handling driver
unload, leading to a use-after-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-51043)
It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)
It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)
Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)
It was discovered that the SCTP protocol implementation in the Linux kernel
contained a race condition when handling lock acquisition in certain
situations. A local attacker could possibly use this to cause a denial of
service (kernel deadlock). (CVE-2024-0639)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Architecture specifics;
- EDAC drivers;
- Media drivers;
- JFS file system;
(CVE-2023-52603, CVE-2023-52464, CVE-2023-52600, CVE-2023-52445,
CVE-2023-52451)
2 hours 43 minutes ago
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
shanzhulig discovered that the DRM subsystem in the Linux kernel contained
a race condition when performing certain operations while handling driver
unload, leading to a use-after-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-51043)
It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)
It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Architecture specifics;
- ACPI drivers;
- I2C subsystem;
- Media drivers;
- JFS file system;
- IPv4 Networking;
- Open vSwitch;
(CVE-2021-46966, CVE-2021-46936, CVE-2023-52451, CVE-2019-25162,
CVE-2023-52445, CVE-2023-52600, CVE-2021-46990, CVE-2021-46955,
CVE-2023-52603)
6 hours 17 minutes ago
FEDORA-2024-c8d21fe399
Packages in this update:
Update description:
Update to 1.15.8
Fix CVE-2024-32462
7 hours 27 minutes ago
FEDORA-2024-43ea98691e
Packages in this update:
Update description:
Update to 1.15.8
Fixes CVE-2024-32462
9 hours 58 minutes ago
Version: next-20240419 (linux-next)
Released: 2024-04-19
17 hours 33 minutes ago
FEDORA-2024-5d8f4f86b0
Packages in this update:
- chromium-124.0.6367.60-1.fc38
Update description:
update to 124.0.6367.60
- High CVE-2024-3832: Object corruption in V8
- High CVE-2024-3833: Object corruption in WebAssembly
- High CVE-2024-3914: Use after free in V8
- High CVE-2024-3834: Use after free in Downloads
- Medium CVE-2024-3837: Use after free in QUIC
- Medium CVE-2024-3838: Inappropriate implementation in Autofill
- Medium CVE-2024-3839: Out of bounds read in Fonts
- Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
- Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
- Medium CVE-2024-3843: Insufficient data validation in Downloads
- Low CVE-2024-3844: Inappropriate implementation in Extensions
- Low CVE-2024-3845: Inappropriate implementation in Network
- Low CVE-2024-3846: Inappropriate implementation in Prompts
- Low CVE-2024-3847: Insufficient policy enforcement in WebUI
17 hours 33 minutes ago
FEDORA-2024-12edb9dec8
Packages in this update:
- chromium-124.0.6367.60-1.fc39
Update description:
update to 124.0.6367.60
- High CVE-2024-3832: Object corruption in V8
- High CVE-2024-3833: Object corruption in WebAssembly
- High CVE-2024-3914: Use after free in V8
- High CVE-2024-3834: Use after free in Downloads
- Medium CVE-2024-3837: Use after free in QUIC
- Medium CVE-2024-3838: Inappropriate implementation in Autofill
- Medium CVE-2024-3839: Out of bounds read in Fonts
- Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
- Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
- Medium CVE-2024-3843: Insufficient data validation in Downloads
- Low CVE-2024-3844: Inappropriate implementation in Extensions
- Low CVE-2024-3845: Inappropriate implementation in Network
- Low CVE-2024-3846: Inappropriate implementation in Prompts
- Low CVE-2024-3847: Insufficient policy enforcement in WebUI
1 day 2 hours ago
FEDORA-2024-73644489ec
Packages in this update:
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
1 day 3 hours ago
FEDORA-2024-9176fdb518
Packages in this update:
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
1 day 4 hours ago
Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code.
1 day 5 hours ago
FEDORA-2024-f7ae5df88d
Packages in this update:
Update description:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.
1 day 5 hours ago
FEDORA-2024-9be1b94714
Packages in this update:
Update description:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.
1 day 6 hours ago
FEDORA-2024-098b5d9719
Packages in this update:
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
1 day 6 hours ago
FEDORA-2024-9435d59fbd
Packages in this update:
- thunderbird-115.10.0-1.fc39
Update description:
Update to 115.10.0
1 day 6 hours ago
FEDORA-2024-3bf131ce13
Packages in this update:
- thunderbird-115.10.0-1.fc38
Update description:
Update to 115.10.0