Aggregator

chromium-124.0.6367.60-1.fc38

Fedora Security Advisories
7 hours 16 minutes ago
FEDORA-2024-5d8f4f86b0 Packages in this update:
  • chromium-124.0.6367.60-1.fc38
Update description:

update to 124.0.6367.60

  • High CVE-2024-3832: Object corruption in V8
  • High CVE-2024-3833: Object corruption in WebAssembly
  • High CVE-2024-3914: Use after free in V8
  • High CVE-2024-3834: Use after free in Downloads
  • Medium CVE-2024-3837: Use after free in QUIC
  • Medium CVE-2024-3838: Inappropriate implementation in Autofill
  • Medium CVE-2024-3839: Out of bounds read in Fonts
  • Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
  • Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
  • Medium CVE-2024-3843: Insufficient data validation in Downloads
  • Low CVE-2024-3844: Inappropriate implementation in Extensions
  • Low CVE-2024-3845: Inappropriate implementation in Network
  • Low CVE-2024-3846: Inappropriate implementation in Prompts
  • Low CVE-2024-3847: Insufficient policy enforcement in WebUI

chromium-124.0.6367.60-1.fc39

Fedora Security Advisories
7 hours 16 minutes ago
FEDORA-2024-12edb9dec8 Packages in this update:
  • chromium-124.0.6367.60-1.fc39
Update description:

update to 124.0.6367.60

  • High CVE-2024-3832: Object corruption in V8
  • High CVE-2024-3833: Object corruption in WebAssembly
  • High CVE-2024-3914: Use after free in V8
  • High CVE-2024-3834: Use after free in Downloads
  • Medium CVE-2024-3837: Use after free in QUIC
  • Medium CVE-2024-3838: Inappropriate implementation in Autofill
  • Medium CVE-2024-3839: Out of bounds read in Fonts
  • Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
  • Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
  • Medium CVE-2024-3843: Insufficient data validation in Downloads
  • Low CVE-2024-3844: Inappropriate implementation in Extensions
  • Low CVE-2024-3845: Inappropriate implementation in Network
  • Low CVE-2024-3846: Inappropriate implementation in Prompts
  • Low CVE-2024-3847: Insufficient policy enforcement in WebUI

USN-6737-1: GNU C Library vulnerability

Ubuntu Security Advisories
17 hours 51 minutes ago
Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

glibc-2.37-19.fc38

Fedora Security Advisories
19 hours 13 minutes ago
FEDORA-2024-f7ae5df88d Packages in this update:
  • glibc-2.37-19.fc38
Update description:

This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.

glibc-2.38-18.fc39

Fedora Security Advisories
19 hours 13 minutes ago
FEDORA-2024-9be1b94714 Packages in this update:
  • glibc-2.38-18.fc39
Update description:

This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.

golang-github-prometheus-alertmanager-0.27.0-1.fc41

Fedora Security Advisories
20 hours 53 minutes ago
FEDORA-2024-8580c06716 Packages in this update:
  • golang-github-prometheus-alertmanager-0.27.0-1.fc41
Update description:

Automatic update for golang-github-prometheus-alertmanager-0.27.0-1.fc41.

Changelog * Thu Apr 18 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 0.27.0-1 - Update to 0.27.0 - Closes rhbz#2064711 rhbz#2248329 rhbz#2260773 rhbz#2261192 * Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 0.23.0-20 - Rebuild for golang 1.22.0 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.0-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.0-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

USN-6729-2: Apache HTTP Server vulnerabilities

Ubuntu Security Advisories
1 day 14 hours ago
USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709) Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795) Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)