Aggregator

glibc-2.37-19.fc38

Fedora Security Advisories
2 days 2 hours ago
FEDORA-2024-f7ae5df88d Packages in this update:
  • glibc-2.37-19.fc38
Update description:

This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.

glibc-2.38-18.fc39

Fedora Security Advisories
2 days 2 hours ago
FEDORA-2024-9be1b94714 Packages in this update:
  • glibc-2.38-18.fc39
Update description:

This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961.

golang-github-prometheus-alertmanager-0.27.0-1.fc41

Fedora Security Advisories
2 days 3 hours ago
FEDORA-2024-8580c06716 Packages in this update:
  • golang-github-prometheus-alertmanager-0.27.0-1.fc41
Update description:

Automatic update for golang-github-prometheus-alertmanager-0.27.0-1.fc41.

Changelog * Thu Apr 18 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 0.27.0-1 - Update to 0.27.0 - Closes rhbz#2064711 rhbz#2248329 rhbz#2260773 rhbz#2261192 * Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 0.23.0-20 - Rebuild for golang 1.22.0 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.0-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.0-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

USN-6729-2: Apache HTTP Server vulnerabilities

Ubuntu Security Advisories
2 days 21 hours ago
USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709) Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795) Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)

USN-6726-3: Linux kernel (Xilinx ZynqMP) vulnerabilities

Ubuntu Security Advisories
2 days 23 hours ago
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly sized memory locations. A local user could use this to cause a denial of service (system crash). (CVE-2024-0607) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - Cryptographic API; - Android drivers; - EDAC drivers; - GPU drivers; - Media drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - TTY drivers; - Userspace I/O drivers; - F2FS file system; - GFS2 file system; - IPv6 Networking; - AppArmor security module; (CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443, CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597, CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469, CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454, CVE-2023-52436, CVE-2023-52438)