
1269 matches found

Oracle linux
added 2024/12/19 12:0 a.m. · 13 views

edk2:20240524 security update

20240524-6.0.1.el9_5.3 - edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch RHEL-58631 - Resolves: RHEL-58631 Regression HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater - edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch RHEL-66230 - Resolves: RHEL-66230...

CVSS 5.9 · AI score 7 · EPSS 0.00373 · Exploits 0

OSV
added 2024/12/18 5:15 a.m. · 3 views

DEBIAN-CVE-2024-56169

A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties such as Fort are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently...

CVSS 5.3 · AI score 5.4 · EPSS 0.00172 · Exploits 0 · References 1

OSV
added 2024/12/18 5:15 a.m. · 2 views

UBUNTU-CVE-2024-56169

A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties such as Fort are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently...

CVSS 5.3 · AI score 5.8 · EPSS 0.00172 · Exploits 0 · References 4

Positive Technologies
added 2024/12/18 12:0 a.m. · 3 views

PT-2024-36728 · Fort +1 · Fort +1

Name of the Vulnerable Software and Affected Versions: Fort versions 1.6.4 and earlier, up to but not including 2.0.0 Description: A validation integrity issue was discovered in the product. RPKI Relying Parties, such as Fort, are supposed to maintain a backup cache of the remote RPKI data, which...

CVSS 5.3 · AI score 7.1 · EPSS 0.00172 · Exploits 0 · References 15

CVE
added 2024/12/02 4:12 p.m. · 313 views

CVE-2024-53259

CVE-2024-53259 affects the quic-go QUIC implementation. An off-path attacker can inject an ICMP Packet Too Large when IP_PMTUDISC_DO is used, causing the kernel to return a “message too large” error on sendmsg if a QUIC packet exceeds the MTU claimed in the ICMP message. This can disrupt a QUIC c...

CVSS 6.5 · AI score 6.2 · EPSS 0.00596 · Exploits 0 · References 4

AstraLinux
added 2024/11/23 3:4 a.m. · 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu/mes: fixed the use-after-free issue. Deleted the fence fallback timer to fix the random use-after-free issue. v2: moved to amdgpu_mes.c...

CVSS 7.8 · AI score 6.5 · EPSS 0.0023 · Exploits 0 · References 3

RedHat Linux
added 2024/11/13 12:34 a.m. · 2 views

kernel: mptcp: ensure snd_una is properly initialized on connect

A vulnerability was found in the Linux kernel's match component in the initialization of the snd_una variable while establishing a connection. The issue arises when retransmission occurs after a fallback, leaving the snd_una sequence number uninitialized, leading to unpredictable behavior and...

CVSS 5.5 · AI score 7.2 · EPSS 0.00265 · Exploits 0 · References 5

RedHat Linux
added 2024/11/13 12:14 a.m. · 3 views

kernel: mptcp: ensure snd_una is properly initialized on connect

A vulnerability was found in the Linux kernel's match component in the initialization of the snd_una variable while establishing a connection. The issue arises when retransmission occurs after a fallback, leaving the snd_una sequence number uninitialized, leading to unpredictable behavior and...

CVSS 5.5 · AI score 7.2 · EPSS 0.00265 · Exploits 0 · References 5

Positive Technologies
added 2024/11/13 12:0 a.m. · 2 views

PT-2024-16572 · WordPress · Luna Radio Player

Name of the Vulnerable Software and Affected Versions: LUNA RADIO PLAYER plugin for WordPress versions up to, and including, 6.24.01.24 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, via the...

CVSS 7.5 · AI score 9.5 · EPSS 0.01105 · Exploits 0 · References 7

CNNVD
added 2024/11/13 12:0 a.m. · 2 views

WordPress plugin LUNA RADIO PLAYER path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.5 · AI score 8.3 · EPSS 0.01105 · Exploits 0 · References 3

RedHat Linux
added 2024/11/12 9:11 a.m. · 1 views

kernel: igb: Fix string truncation warnings in igb_set_fw_version

In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igb_set_fw_version Commit 1978d3ead82c "intel: fix string truncation warnings" fixes '-Wformat-truncation=' warnings in igb_main.c by using kasprintf...

CVSS 5.5 · AI score 6.7 · EPSS 0.00178 · Exploits 0 · References 5

Snyk
added 2024/11/09 2:32 p.m. · 1 views

Authentication Bypass

Overview djoser is a REST implementation of Django authentication system. Affected versions of this package are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid...

CVSS 7.1 · AI score 7.1 · EPSS 0.00547 · Exploits 0 · References 2

SUSE CVE
added 2024/11/09 3:49 a.m. · 1 views

SUSE CVE-2024-50185

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle...

CVSS 5.5 · AI score 7.7 · EPSS 0.00222 · Exploits 0 · References 15

OSV
added 2024/11/08 6:15 a.m. · 2 views

DEBIAN-CVE-2024-50185

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle...

CVSS 5.5 · AI score 5.9 · EPSS 0.00222 · Exploits 0 · References 1

OSV
added 2024/11/08 6:15 a.m. · 0 views

UBUNTU-CVE-2024-50185

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle...

CVSS 5.5 · AI score 6.2 · EPSS 0.00222 · Exploits 0 · References 37

Vulnrichment
added 2024/11/08 5:38 a.m. · 2 views

CVE-2024-50185 mptcp: handle consistently DSS corruption

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle...

AI score 7.6 · EPSS 0.00222 · Exploits 0 · References 6

Snyk
added 2024/11/01 6:32 a.m. · 2 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition when the fallback socketpair implementation is used on platforms that lack native support and the vulnerable function does not properly authenticate the connected sockets. An attacker must be able to predict the address a...

CVSS 8.3 · AI score 6.9 · Exploits 0 · References 3

RedHat Linux
added 2024/10/30 1:41 a.m. · 7 views

kernel: mptcp: ensure snd_una is properly initialized on connect

A vulnerability was found in the Linux kernel's match component in the initialization of the snd_una variable while establishing a connection. The issue arises when retransmission occurs after a fallback, leaving the snd_una sequence number uninitialized, leading to unpredictable behavior and...

CVSS 5.5 · AI score 7.2 · EPSS 0.00265 · Exploits 0 · References 5

OSV
added 2024/10/29 5:15 p.m. · 4 views

AZL-52029 CVE-2019-25219 affecting package asio for versions less than 1.31.0-1

Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used...

CVSS 7.5 · AI score 5.8 · EPSS 0.00482 · Exploits 0 · References 1

OSV
added 2024/10/29 5:15 p.m. · 11 views

CVE-2019-25219

Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used...

CVSS 7.5 · AI score 6.4 · Exploits 0 · References 3