electron32 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-7966. Security: backported fix for CVE-2024-9370...
CVE-2024-49997 net: ethernet: lantiq_etop: fix memory disclosure
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure. When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames...
OPENSUSE-SU-2024:0329-1 Security update for seamonkey
This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.19: Cancel button in SeaMonkey bookmarking star UI not working (bug 1872623). Remove OfflineAppCacheHelper.jsm copy from SeaMonkey and use the one in toolkit (bug 1896292). Remove obsolete registerFactoryLocation calls fro...
PT-2024-40549 · Mozilla · Seamonkey
Name of the Vulnerable Software and Affected Versions: SeaMonkey versions prior to 2.53.19. Description: The issue concerns a security vulnerability in SeaMonkey. It is mentioned that SeaMonkey 2.53.19 contains relevant Firefox 60.8 security fixes and shares most parts of the mail and news code wi...
Low: Red Hat Security Advisory: Security update for service-interconnect rhel9 container images
Updated service-interconnect container images are now available for Service Interconnect 1 for RHEL 9. Users of service-interconnect rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. Users of these imag...
Moderate: Red Hat Bug Fix Advisory: updated el8/flatpak-sdk container image
Updated el8/flatpak-sdk container image is now available for Red Hat Enterprise Linux 8. The el8/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 8 to address the following security advisory: RHSA-2024:7000 (see References). Users of el8/flatpak-sdk container images are...
Low: Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS
Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9. Users of service-interconnect 1.4 LTS rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. Users...
CVE-2024-42321 net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE. The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 "net: add and use skb_get_hash_symmetric_net" bu...
Moderate: Red Hat Bug Fix Advisory: updated el8/flatpak-sdk container image
Updated el8/flatpak-sdk container image is now available for Red Hat Enterprise Linux 8. The el8/flatpak-sdk container image has been updated for Red Hat Enterprise Linux 8 to address the following security advisory: RHSA-2024:5101 (see References). Users of el8/flatpak-sdk container images are...
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292...
AZL-44796 CVE-2024-34702 affecting package botan2 2.14.0-2
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints...
Moderate: Red Hat Security Advisory: Red Hat build of Cryostat 3.0.0: new RHEL 8 container image security update
New Red Hat build of Cryostat 3.0.0 on RHEL 8 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
AZL-42808 CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...
rpm-ostree security update
2024.3-3 - Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: RHEL-31852 2024.3-2 - Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: RHEL-31852...
electron29 -- use after free in Dawn
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-4948...
FOSUserBundle Entropy is lost in the TokenGenerator
Description: Because of the usage of base_convert, which loses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically...
electron29 -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4558...
glib: Timeout in fuzz_variant_text
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...
electron{27,28,29} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3515. Security: backported fix for CVE-2024-3516. Security: backported fix for CVE-2024-3157. Security: backported fix for CVE-2024-1580...