
3647 matches found

IBM Security Bulletins
added 2024/04/11 9:22 p.m., 38 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to remote attack due to golang compiler (CVE-2023-39326)

Summary: Golang compiler is used by IBM Cloud Pak for Data Scheduling to create the scheduler binaries. CVE-2023-39326. Vulnerability Details: CVEID: CVE-2023-39326. DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the net/http package. By sendi...

CVSS 5.3, AI score 6.5, EPSS 0.00123
Exploits 0, Affected Software 1
OSV
added 2024/04/11 9:15 p.m., 1 views

CVE-2024-28458

Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c...

CVSS 7.5, AI score 5.8, EPSS 0.00211
Exploits 1, References 1
OSV
added 2024/04/11 12:11 p.m., 3 views

CLSA-2024-1712837462 Fix CVE(s): CVE-2024-1013

SECURITY UPDATE: Fix incompatible pointer-to-integer types - debian/patch/CVE-2024-1013.patch: PostgreSQL driver: Fix incompatible pointer-to-integer types. This change is required to avoid a build failure with GCC 14. - CVE-2024-1013...

CVSS 7.8, AI score 7, EPSS 0.00069
Exploits 0, References 1
OSV
added 2024/04/05 3:15 p.m., 3 views

AZL-39791 CVE-2024-31852 affecting package compiler-rt for versions less than 18.1.2-2

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS 5.9, AI score 6.4, EPSS 0.00214
Exploits 0, References 1
OSV
added 2024/04/05 3:15 p.m., 1 views

AZL-39842 CVE-2024-31852 affecting package rust for versions less than 1.72.0-8

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS 5.9, AI score 6, EPSS 0.00214
Exploits 0, References 1
Vulnrichment
added 2024/04/04 8:20 a.m., 19 views

CVE-2024-26799 ASoC: qcom: Fix uninitialized pointer dmactl

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where lpassgetdmactlhandle is called and the driver id daiid is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has n...

AI score 6.7, EPSS 0.00018
Exploits 0, References 3
RedhatCVE
added 2024/04/04 12:5 a.m., 32 views

CVE-2024-26706

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different...

CVSS 4.4, AI score 7.1, EPSS 0.00041
Exploits 0, References 4
NVD
added 2024/04/03 3:15 p.m., 12 views

CVE-2024-26706

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different...

CVSS 5.5, AI score 7.8, EPSS 0.00041
Exploits 0, References 4
UbuntuCve
added 2024/04/03 3:15 p.m., 16 views

CVE-2024-26706

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different...

CVSS 5.5, AI score 5.9, EPSS 0.00041
Exploits 0, References 6
Vulnrichment
added 2024/04/03 2:55 p.m., 27 views

CVE-2024-26706 parisc: Fix random data corruption from exception handler

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different...

AI score 7, EPSS 0.00041
Exploits 0, References 4
Cvelist
added 2024/04/03 2:55 p.m., 19 views

CVE-2024-26706 parisc: Fix random data corruption from exception handler

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different...

AI score 7.9, EPSS 0.00041
Exploits 0, References 4
CVE
added 2024/04/03 2:55 p.m., 108 views

CVE-2024-26706

The CVE-2024-26706 entry documents a parisc Linux kernel vulnerability where random data corruption could occur in the exception handler when accessing user space memory if the compiler reuses a different register than the one defined for the error code. The fix extends the __ex_table by three wo...

CVSS 5.5, AI score 6.7, EPSS 0.00041
Exploits 0, References 4, Affected Software 1
Fedora
added 2024/03/30 1:9 a.m., 14 views

[SECURITY] Fedora 39 Update: ghc-hakyll-4.16.2.0-4.fc39

Hakyll is a static website compiler library. It provides you with the tools to create a simple or advanced static website using a Haskell DSL and formats such as markdown or RST. You can find more information, including a tutorial, on the website:...

CVSS 6.3, AI score 5.9, EPSS 0.00049
Exploits 1
Fedora
added 2024/03/29 12:21 a.m., 24 views

[SECURITY] Fedora 40 Update: ghc-hakyll-4.16.2.0-4.fc40

Hakyll is a static website compiler library. It provides you with the tools to create a simple or advanced static website using a Haskell DSL and formats such as markdown or RST. You can find more information, including a tutorial, on the website:...

CVSS 6.3, AI score 5.9, EPSS 0.00049
Exploits 1
RedHat Linux
added 2024/03/25 6:35 p.m., 2 views

OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4, AI score 7.2, EPSS 0.00235
Exploits 0, References 5
RedHat Linux
added 2024/03/21 8:17 a.m., 33 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5, AI score 7.2, EPSS 0.01379
Exploits 0, References 1
OSV
added 2024/03/21 12:0 a.m., 33 views

ALSA-2024:1462 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

CVSS 7.5, AI score 7.9, EPSS 0.01379
Exploits 0, References 4
IBM Security Bulletins
added 2024/03/20 5:43 p.m., 28 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to denial of service due to golang compiler (CVE-2023-39325)

Summary: Golang compiler is used by IBM Cloud Pak for Data Scheduling as part of the build process for the scheduler binaries. CVE-2023-39325. Vulnerability Details: CVEID: CVE-2023-39325. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption fla...

CVSS 7.5, AI score 7.5, EPSS 0.0015
Exploits 0, Affected Software 1
NVD
added 2024/03/18 12:15 a.m., 8 views

CVE-2024-23139

A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.1, EPSS 0.00069
Exploits 0, References 1
OpenVAS
added 2024/03/18 12:0 a.m., 35 views

Ubuntu: Security Advisory (USN-6696-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4, AI score 7.2, EPSS 0.00319
Exploits 0, References 2