12 hours 1 minute ago
FEDORA-2024-d652859efb
Packages in this update:
- golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
Update description:
Update golang-gvisor to 20240408.0
12 hours 2 minutes ago
FEDORA-2024-9cc0e0c63e
Packages in this update:
- golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
Update description:
Update golang-gvisor to 20240408.0
12 hours 2 minutes ago
FEDORA-2024-80e062d21a
Packages in this update:
- golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
Update description:
Update golang-gvisor to 20240408.0
19 hours 37 minutes ago
FEDORA-2024-6ec4e78241
Packages in this update:
- python-reportlab-4.2.0-1.fc39
Update description:
19 hours 37 minutes ago
FEDORA-2024-dc844d0669
Packages in this update:
- python-reportlab-4.2.0-1.fc40
Update description:
19 hours 40 minutes ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)
19 hours 53 minutes ago
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
20 hours 2 minutes ago
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
- BPF subsystem;
- Netfilter;
(CVE-2023-52603, CVE-2023-52600, CVE-2024-26581, CVE-2024-26589)
20 hours 11 minutes ago
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
It was discovered that the virtio network implementation in the Linux
kernel did not properly handle file references in the host, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-1838)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
shanzhulig discovered that the DRM subsystem in the Linux kernel contained
a race condition when performing certain operations while handling driver
unload, leading to a use-after-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-51043)
It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)
It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)
Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)
It was discovered that the SCTP protocol implementation in the Linux kernel
contained a race condition when handling lock acquisition in certain
situations. A local attacker could possibly use this to cause a denial of
service (kernel deadlock). (CVE-2024-0639)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Architecture specifics;
- EDAC drivers;
- Media drivers;
- JFS file system;
(CVE-2023-52603, CVE-2023-52464, CVE-2023-52600, CVE-2023-52445,
CVE-2023-52451)
20 hours 21 minutes ago
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Wei Chen discovered that a race condition existed in the TIPC protocol
implementation in the Linux kernel, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1382)
Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)
Daniele Antonioli discovered that the Secure Simple Pairing and Secure
Connections pairing in the Bluetooth protocol could allow an
unauthenticated user to complete authentication without pairing
credentials. A physically proximate attacker placed between two Bluetooth
devices could use this to subsequently impersonate one of the paired
devices. (CVE-2023-24023)
shanzhulig discovered that the DRM subsystem in the Linux kernel contained
a race condition when performing certain operations while handling driver
unload, leading to a use-after-free vulnerability. A local attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-51043)
It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)
It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Architecture specifics;
- ACPI drivers;
- I2C subsystem;
- Media drivers;
- JFS file system;
- IPv4 Networking;
- Open vSwitch;
(CVE-2021-46966, CVE-2021-46936, CVE-2023-52451, CVE-2019-25162,
CVE-2023-52445, CVE-2023-52600, CVE-2021-46990, CVE-2021-46955,
CVE-2023-52603)
23 hours 55 minutes ago
FEDORA-2024-c8d21fe399
Packages in this update:
Update description:
Update to 1.15.8
Fix CVE-2024-32462
1 day 1 hour ago
FEDORA-2024-43ea98691e
Packages in this update:
Update description:
Update to 1.15.8
Fixes CVE-2024-32462
1 day 3 hours ago
Version: next-20240419 (linux-next)
Released: 2024-04-19
1 day 11 hours ago
FEDORA-2024-5d8f4f86b0
Packages in this update:
- chromium-124.0.6367.60-1.fc38
Update description:
update to 124.0.6367.60
- High CVE-2024-3832: Object corruption in V8
- High CVE-2024-3833: Object corruption in WebAssembly
- High CVE-2024-3914: Use after free in V8
- High CVE-2024-3834: Use after free in Downloads
- Medium CVE-2024-3837: Use after free in QUIC
- Medium CVE-2024-3838: Inappropriate implementation in Autofill
- Medium CVE-2024-3839: Out of bounds read in Fonts
- Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
- Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
- Medium CVE-2024-3843: Insufficient data validation in Downloads
- Low CVE-2024-3844: Inappropriate implementation in Extensions
- Low CVE-2024-3845: Inappropriate implementation in Network
- Low CVE-2024-3846: Inappropriate implementation in Prompts
- Low CVE-2024-3847: Insufficient policy enforcement in WebUI
1 day 11 hours ago
FEDORA-2024-12edb9dec8
Packages in this update:
- chromium-124.0.6367.60-1.fc39
Update description:
update to 124.0.6367.60
- High CVE-2024-3832: Object corruption in V8
- High CVE-2024-3833: Object corruption in WebAssembly
- High CVE-2024-3914: Use after free in V8
- High CVE-2024-3834: Use after free in Downloads
- Medium CVE-2024-3837: Use after free in QUIC
- Medium CVE-2024-3838: Inappropriate implementation in Autofill
- Medium CVE-2024-3839: Out of bounds read in Fonts
- Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
- Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
- Medium CVE-2024-3843: Insufficient data validation in Downloads
- Low CVE-2024-3844: Inappropriate implementation in Extensions
- Low CVE-2024-3845: Inappropriate implementation in Network
- Low CVE-2024-3846: Inappropriate implementation in Prompts
- Low CVE-2024-3847: Insufficient policy enforcement in WebUI
1 day 20 hours ago
FEDORA-2024-73644489ec
Packages in this update:
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
1 day 20 hours ago
FEDORA-2024-9176fdb518
Packages in this update:
Update description:
Update to 3.7 (rhbz#2274439), security fix for CVE-2024-3651
1 day 21 hours ago
Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code.