Aggregator

USN-7179-1: Linux kernel vulnerabilities

2 days 13 hours ago
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352) Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Media drivers; - Network drivers; - SMB network file system; - Bluetooth subsystem; - Amateur Radio drivers; - Network traffic control; - VMware vSockets driver; (CVE-2024-43904, CVE-2024-35963, CVE-2024-35967, CVE-2024-40973, CVE-2024-26822, CVE-2024-35965, CVE-2024-40910, CVE-2024-38553, CVE-2024-53057, CVE-2024-50264, CVE-2024-35966)

USN-7173-2: Linux kernel vulnerabilities

2 days 13 hours ago
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - SCSI subsystem; - Ext4 file system; - Bluetooth subsystem; - Memory management; - Amateur Radio drivers; - Network traffic control; - Sun RPC protocol; - VMware vSockets driver; (CVE-2023-52821, CVE-2024-40910, CVE-2024-43892, CVE-2024-49967, CVE-2024-50264, CVE-2024-36952, CVE-2024-38553, CVE-2021-47101, CVE-2021-47001, CVE-2024-35965, CVE-2024-35963, CVE-2024-35966, CVE-2024-35967, CVE-2024-53057, CVE-2024-38597)

swiftlint-0.57.1-1.fc42

2 days 20 hours ago
FEDORA-2024-87d30b4fbf Packages in this update:
  • swiftlint-0.57.1-1.fc42
Update description:

Automatic update for swiftlint-0.57.1-1.fc42.

Changelog * Fri Dec 20 2024 Davide Cavalca <dcavalca@fedoraproject.org> - 0.57.1-1 - Update to 0.57.1; Fixes: RHBZ#2280939, RHBZ#2301323, RHBZ#2280426, RHBZ#2280433, RHBZ#2280449, RHBZ#2280455, RHBZ#2280469, RHBZ#2280475, RHBZ#2280487, RHBZ#2302835, RHBZ#2307674 * Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.53.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

USN-7166-3: Linux kernel (HWE) vulnerabilities

2 days 20 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - Drivers core; - ATA over ethernet (AOE) driver; - TPM device driver; - Clock framework and drivers; - Buffer Sharing and Synchronization framework; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Input Device core drivers; - Mailbox framework; - Media drivers; - Ethernet bonding driver; - Network drivers; - Mellanox network drivers; - Microsoft Azure Network Adapter (MANA) driver; - STMicroelectronics network drivers; - NTB driver; - Virtio pmem driver; - PCI subsystem; - x86 platform drivers; - S/390 drivers; - SCSI subsystem; - SPI subsystem; - Thermal drivers; - USB Device Class drivers; - USB Type-C Port Controller Manager driver; - VFIO drivers; - Virtio Host (VHOST) subsystem; - Framebuffer layer; - 9P distributed file system; - BTRFS file system; - Ceph distributed file system; - File systems infrastructure; - Ext4 file system; - F2FS file system; - GFS2 file system; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - Network file system (NFS) superblock; - Bluetooth subsystem; - Network traffic control; - Network sockets; - TCP network protocol; - BPF subsystem; - Perf events; - Kernel thread helper (kthread); - Padata parallel execution mechanism; - Arbitrary resource management; - Static call mechanism; - Tracing infrastructure; - Memory management; - Ethernet bridge; - CAN network layer; - Networking core; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - Netlink; - SCTP protocol; - TIPC protocol; - SELinux security module; - Simplified Mandatory Access Control Kernel framework; - AudioScience HPI driver; - Amlogic Meson SoC drivers; - USB sound devices; (CVE-2024-49944, CVE-2024-49907, CVE-2024-50062, CVE-2024-36893, CVE-2024-49985, CVE-2024-49903, CVE-2024-49886, CVE-2024-50180, CVE-2024-47757, CVE-2024-49938, CVE-2024-49902, CVE-2024-47709, CVE-2024-49884, CVE-2024-49967, CVE-2024-49977, CVE-2024-47734, CVE-2024-49954, CVE-2024-49963, CVE-2024-47747, CVE-2024-50008, CVE-2024-47696, CVE-2024-50038, CVE-2024-46695, CVE-2024-47705, CVE-2024-49957, CVE-2024-38538, CVE-2024-50019, CVE-2024-38544, CVE-2024-50003, CVE-2024-50095, CVE-2024-50000, CVE-2024-49981, CVE-2024-49863, CVE-2024-47710, CVE-2024-49983, CVE-2024-26947, CVE-2024-46852, CVE-2024-49871, CVE-2024-49936, CVE-2024-47720, CVE-2024-49881, CVE-2024-47672, CVE-2024-50040, CVE-2024-49997, CVE-2024-50044, CVE-2023-52532, CVE-2024-47740, CVE-2024-44942, CVE-2024-49948, CVE-2023-52621, CVE-2024-49959, CVE-2024-47718, CVE-2024-50188, CVE-2024-47699, CVE-2024-47756, CVE-2024-47723, CVE-2024-46849, CVE-2024-50035, CVE-2024-50189, CVE-2024-47684, CVE-2024-49900, CVE-2024-50024, CVE-2024-49851, CVE-2024-49860, CVE-2024-49924, CVE-2024-49946, CVE-2024-44940, CVE-2023-52904, CVE-2024-47679, CVE-2024-47748, CVE-2023-52917, CVE-2024-47735, CVE-2024-46858, CVE-2024-35904, CVE-2024-47673, CVE-2024-49878, CVE-2024-47739, CVE-2024-49973, CVE-2024-49935, CVE-2024-49875, CVE-2024-49896, CVE-2024-47690, CVE-2024-50007, CVE-2024-49933, CVE-2024-49958, CVE-2024-49913, CVE-2024-49883, CVE-2024-47742, CVE-2024-41016, CVE-2024-50002, CVE-2024-49969, CVE-2024-46853, CVE-2024-50031, CVE-2024-47698, CVE-2024-47749, CVE-2024-50059, CVE-2024-49966, CVE-2024-50093, CVE-2024-27072, CVE-2024-50186, CVE-2024-49895, CVE-2024-38632, CVE-2024-49995, CVE-2024-38545, CVE-2024-38667, CVE-2024-36968, CVE-2024-49952, CVE-2024-50001, CVE-2024-47697, CVE-2024-50045, CVE-2024-49856, CVE-2024-49852, CVE-2024-47712, CVE-2023-52639, CVE-2024-49975, CVE-2024-42158, CVE-2024-49962, CVE-2024-50181, CVE-2024-42156, CVE-2024-46855, CVE-2024-47693, CVE-2024-47670, CVE-2024-47706, CVE-2024-50184, CVE-2024-49965, CVE-2024-39463, CVE-2024-50191, CVE-2024-49866, CVE-2024-49890, CVE-2024-49877, CVE-2024-49879, CVE-2024-49927, CVE-2024-50039, CVE-2024-46859, CVE-2024-47674, CVE-2024-50096, CVE-2024-50013, CVE-2024-46854, CVE-2024-49868, CVE-2024-49882, CVE-2024-47671, CVE-2024-50179, CVE-2024-44931, CVE-2024-50046, CVE-2024-50006, CVE-2024-49892, CVE-2024-49949, CVE-2024-42079, CVE-2024-46865, CVE-2024-47692, CVE-2024-47713, CVE-2024-47701, CVE-2024-49889, CVE-2024-49894, CVE-2024-50015, CVE-2024-49858, CVE-2024-49955, CVE-2024-49867, CVE-2024-35951, CVE-2024-50033, CVE-2024-49982, CVE-2024-47695, CVE-2024-50049, CVE-2024-49930, CVE-2024-50041, CVE-2024-47737, CVE-2024-47685)

USN-7159-4: Linux kernel (IoT) vulnerabilities

2 days 21 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU drivers; - InfiniBand drivers; - Network drivers; - S/390 drivers; - TTY drivers; - BTRFS file system; - EROFS file system; - F2FS file system; - File systems infrastructure; - BPF subsystem; - Socket messages infrastructure; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - SELinux security module; (CVE-2022-48938, CVE-2024-42156, CVE-2024-36953, CVE-2024-38538, CVE-2021-47501, CVE-2024-42068, CVE-2024-26947, CVE-2024-46724, CVE-2024-36968, CVE-2023-52497, CVE-2024-35951, CVE-2023-52488, CVE-2024-44940, CVE-2022-48733, CVE-2023-52498, CVE-2022-48943, CVE-2024-35904, CVE-2024-42077, CVE-2024-36938, CVE-2023-52639, CVE-2024-42240, CVE-2024-44942, CVE-2021-47076)

chromium-131.0.6778.204-1.el8

3 days 2 hours ago
FEDORA-EPEL-2024-c27d1a40bc Packages in this update:
  • chromium-131.0.6778.204-1.el8
Update description:

Update to 131.0.6778.204

  • High CVE-2024-12692: Type Confusion in V8
  • High CVE-2024-12693: Out of bounds memory access in V8
  • High CVE-2024-12694: Use after free in Compositing
  • High CVE-2024-12695: Out of bounds write in V8

chromium-131.0.6778.204-1.el10_0

3 days 2 hours ago
FEDORA-EPEL-2024-b98ed0b39c Packages in this update:
  • chromium-131.0.6778.204-1.el10_0
Update description:

Update to 131.0.6778.204

  • High CVE-2024-12692: Type Confusion in V8
  • High CVE-2024-12693: Out of bounds memory access in V8
  • High CVE-2024-12694: Use after free in Compositing
  • High CVE-2024-12695: Out of bounds write in V8

chromium-131.0.6778.204-1.fc41

3 days 2 hours ago
FEDORA-2024-21c7531146 Packages in this update:
  • chromium-131.0.6778.204-1.fc41
Update description:

Update to 131.0.6778.204

  • High CVE-2024-12692: Type Confusion in V8
  • High CVE-2024-12693: Out of bounds memory access in V8
  • High CVE-2024-12694: Use after free in Compositing
  • High CVE-2024-12695: Out of bounds write in V8

chromium-131.0.6778.204-1.fc40

3 days 2 hours ago
FEDORA-2024-4808dce926 Packages in this update:
  • chromium-131.0.6778.204-1.fc40
Update description:

Update to 131.0.6778.204

  • High CVE-2024-12692: Type Confusion in V8
  • High CVE-2024-12693: Out of bounds memory access in V8
  • High CVE-2024-12694: Use after free in Compositing
  • High CVE-2024-12695: Out of bounds write in V8

chromium-131.0.6778.204-1.el9

3 days 2 hours ago
FEDORA-EPEL-2024-74ea1d7890 Packages in this update:
  • chromium-131.0.6778.204-1.el9
Update description:

Update to 131.0.6778.204

  • High CVE-2024-12692: Type Confusion in V8
  • High CVE-2024-12693: Out of bounds memory access in V8
  • High CVE-2024-12694: Use after free in Compositing
  • High CVE-2024-12695: Out of bounds write in V8

USN-7178-1: DPDK vulnerability

3 days 19 hours ago
It was discovered that DPDK incorrectly handled the Vhost library checksum offload feature. An malicious guest could possibly use this issue to cause the hypervisor's vSwitch to crash, resulting in a denial of service.