Aggregator

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.

Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

FEDORA-2024-4e850a0f86 Packages in this update:

• sssd-2.9.4-7.fc41

Update description:

Automatic update for sssd-2.9.4-7.fc41.

Changelog * Fri Apr 19 2024 Pavel Březina <pbrezina@redhat.com> - 2.9.4-7 - Fix CVE-2023-3758 (rhbz#2275905)

FEDORA-2024-3798818c82 Packages in this update:

• sssd-2.9.4-7.fc40

Update description:

Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905

FEDORA-2024-78240de990 Packages in this update:

• sssd-2.9.4-2.fc39

Update description:

Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905

FEDORA-2024-44602bead8 Packages in this update:

• sssd-2.9.4-2.fc38

Update description:

Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905

Version:next-20240422 (linux-next) Released:2024-04-22

FEDORA-2024-c27e97ca79 Packages in this update:

• nextcloud-28.0.3-1.fc38

Update description:

• update to 28.0.3
• fix CVE-2024-22403

Version:6.9-rc5 (mainline) Released:2024-04-21 Source:linux-6.9-rc5.tar.gz Patch:full (incremental)

FEDORA-EPEL-2024-2bf39e0ba4 Packages in this update:

• chromium-124.0.6367.60-1.el9

Update description:

update to 124.0.6367.60

• High CVE-2024-3832: Object corruption in V8
• High CVE-2024-3833: Object corruption in WebAssembly
• High CVE-2024-3914: Use after free in V8
• High CVE-2024-3834: Use after free in Downloads
• Medium CVE-2024-3837: Use after free in QUIC
• Medium CVE-2024-3838: Inappropriate implementation in Autofill
• Medium CVE-2024-3839: Out of bounds read in Fonts
• Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
• Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
• Medium CVE-2024-3843: Insufficient data validation in Downloads
• Low CVE-2024-3844: Inappropriate implementation in Extensions
• Low CVE-2024-3845: Inappropriate implementation in Network
• Low CVE-2024-3846: Inappropriate implementation in Prompts
• Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

• High CVE-2024-3157: Out of bounds write in Compositing
• High CVE-2024-3516: Heap buffer overflow in ANGLE
• High CVE-2024-3515: Use after free in Dawn

FEDORA-2024-d652859efb Packages in this update:

• golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38

Update description:

Update golang-gvisor to 20240408.0

FEDORA-2024-9cc0e0c63e Packages in this update:

• golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39

Update description:

Update golang-gvisor to 20240408.0

FEDORA-2024-80e062d21a Packages in this update:

• golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40

Update description:

Update golang-gvisor to 20240408.0

FEDORA-2024-6ec4e78241 Packages in this update:

• python-reportlab-4.2.0-1.fc39

Update description:

• Release 4.2.0

FEDORA-2024-dc844d0669 Packages in this update:

• python-reportlab-4.2.0-1.fc40

Update description:

• Release 4.2.0