2 days 23 hours ago
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)
It was discovered that Spectre-BHB mitigations were missing for Ampere
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2023-3006)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)
Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)
It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)
Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
3 days ago
It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)
Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)
Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)
3 days ago
Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)
Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- PWM drivers;
(CVE-2024-26597, CVE-2024-26599)
3 days 1 hour ago
FEDORA-2024-53b69fdd40
Packages in this update:
Update description:
New upstream release 29.3, fixes rhbz#2271287
3 days 4 hours ago
FEDORA-2024-de10068888
Packages in this update:
Update description:
New upstream release 29.3, fixes rhbz#2271287
3 days 4 hours ago
FEDORA-2024-c28562640b
Packages in this update:
Update description:
New upstream release 29.3, fixes rhbz#2271287
3 days 8 hours ago
It was discovered that debmany in Debian Goodies incorrectly handled certain
deb files. An attacker could possibly use this issue to execute arbitrary shell
commands.
3 days 8 hours ago
FEDORA-2024-ff6a72d8e9
Packages in this update:
Update description:
2.6.0 - Security Update
BrainVisionMarker
BrainVision: proved parser and sanity checks
EGI
FAMOS: disabled, support can be enabled by setting BIOSIG_FAMOS_TRUST_INPUT=1
3 days 11 hours ago
It was discovered that QPDF incorrectly handled certain memory operations
when decoding JSON files. If a user or automated system were tricked into
processing a specially crafted JSON file, QPDF could be made to crash,
resulting in a denial of service, or possibly execute arbitrary code.
3 days 11 hours ago
It was discovered that Net::CIDR::Lite incorrectly handled extra zero
characters at the beginning of IP address strings. A remote attacker could
possibly use this issue to bypass access controls.
3 days 12 hours ago
Vincent Berg discovered that CRM shell incorrectly handled certain commands.
An local attacker could possibly use this issue to execute arbitrary code
via shell code injection to the crm history commandline.
3 days 21 hours ago
Version:next-20240325 (linux-next)
Released:2024-03-25
3 days 21 hours ago
Manfred Paul discovered that Firefox did not properly perform bounds
checking during range analysis, leading to an out-of-bounds write
vulnerability. A attacker could use this to cause a denial of service,
or execute arbitrary code. (CVE-2024-29943)
Manfred Paul discovered that Firefox incorrectly handled MessageManager
listeners under certain circumstances. An attacker who was able to inject
an event handler into a privileged object may have been able to execute
arbitrary code. (CVE-2024-29944)
4 days 2 hours ago
4 days 19 hours ago
4 days 19 hours ago
5 days 1 hour ago
FEDORA-EPEL-2024-3f86ec863a
Packages in this update:
- seamonkey-2.53.18.2-1.el7
Update description:
Update to 2.53.18.2
5 days 1 hour ago
FEDORA-EPEL-2024-8f366635a6
Packages in this update:
- seamonkey-2.53.18.2-1.el8
Update description:
Update to 2.53.18.2
5 days 1 hour ago
FEDORA-2024-ad50671f6c
Packages in this update:
- seamonkey-2.53.18.2-1.fc38
Update description:
Update to 2.53.18.2
5 days 1 hour ago
FEDORA-2024-8890015ff3
Packages in this update:
- seamonkey-2.53.18.2-1.fc39
Update description:
Update to 2.53.18.2