[SECURITY] Fedora 40 Update: javacc-7.0.13-5.fc40

Java Compiler Compiler JavaCC is the most popular parser generator for use with Java applications. A parser generator is a tool that reads a grammar specification and converts it to a Java program that can recognize matches to the grammar. In addition to the parser generator itself, JavaCC provid...

[SECURITY] Fedora 40 Update: frysk-0.4-94.fc40

Frysk is an execution-analysis technology implemented using native Java and C++. It is aimed at providing developers and sysadmins with the ability to both examine and analyze running multi-host, multi-process, multi-threaded systems. Frysk allows the monitoring of running processes and threads, ...

[SECURITY] Fedora 40 Update: bsh-2.1.0-12.fc40

BeanShell is a small, free, embeddable, Java source interpreter with object scripting language features, written in Java. BeanShell executes standard Java statements and expressions, in addition to obvious scripting commands and syntax. BeanShell supports scripted objects as simple method closure...

cups: heap buffer overflow may lead to DoS

A flaw was found in the Cups package. A buffer overflow vulnerability in the |formatlogline| function could allow remote attackers to cause a denial of service. Exploitation is only possible when the configuration file, cupsd.conf, has the value of loglevel set to DEBUG...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...

CVE-2021-47103 inet: fully convert sk->sk_rx_dst to RCU rules

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...

DEBIAN-CVE-2023-52516

In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call dmaentryalloccheckleak under freeentrieslock dmaentryalloccheckleak calls into printk - serial console output qcom geni and grabs port-lock under freeentrieslock spin lock, which is a reverse locking...

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin

Impact SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be...

CVE-2021-46990

CVE-2021-46990 affects powerpc/64s in the Linux kernel. The vulnerability arises from runtime patching of entry flush mitigations via a debugfs entry (entry_flush), which can be unsafe when CPUs are active, potentially causing a crash due to an LR restore issue. The fixed vulnerability patches ar...

CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sysread traced by kprobe The execution of sysread end up hitting a BUGON in findgetblock after installing kprobe at sysread, the BUG message like the following: 65.708663 ------------...

CVE-2021-46910

CVE-2021-46910 relates to the Linux kernel’s kmap_local(): when CONFIG_DEBUG_KMAP_LOCAL=y, per-CPU fixmap slots are doubled, causing the fixmap region to grow downwards and potentially collide with the virtual DT mapping. The documented impact is a local exploit path leading to kernel instability...

CVE-2021-46910 ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUGKMAPLOCAL is enabled The debugging code for kmaplocal doubles the number of per-CPU fixmap slots allocated for kmaplocal, in order to use half of them as guard regions. This...

CVE-2021-46910

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUGKMAPLOCAL is enabled The debugging code for kmaplocal doubles the number of per-CPU fixmap slots allocated for kmaplocal, in order to use half of them as guard regions. This...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the debugging code of kmaplocal doubling the number of per-CPU repair mapping slots allocated to kmaplocal s...

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

Design/Logic Flaw

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

PT-2024-21841 · Amazon · Amazon Fire Os

Name of the Vulnerable Software and Affected Versions: Amazon Fire OS versions 7.0.0 through 7.6.6.8 Amazon Fire OS versions 8.0.0 through 8.1.0.2 Description: The issue allows Fire TV applications to establish local ADB Android Debug Bridge connections. This is only possible after the non-defaul...

Heap overflow

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes WOLFSSLCALLBACKS is only intended for debugging...

CVE-2023-6936 Heap-buffer over-read with WOLFSSL_CALLBACKS

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes WOLFSSLCALLBACKS is only intended for debugging...