3385 matches found
ALSA-2024:4720 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in mod_proxy (CVE-2024-38473); httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474); httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475)...
RHEL 8 : kernel (RHSA-2024:4731)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4731 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: GSM multiplexing race conditio...
CVE-2024-3176
CVE-2024-3176 affects Google Chrome with an out-of-bounds write in SwiftShader triggered by a crafted HTML page, enabling remote memory corruption. Chrome versions prior to 117.0.5938.62 are vulnerable; upgrade to 117.0.5938.62 or later to mitigate. Other connected sources corroborate the same Ch...
CVE-2023-7012
CVE-2023-7012 affects Google Chrome’s Permission Prompts due to insufficient data validation, potentially enabling a sandbox escape when a user runs a malicious app. Described for Chrome versions before 117.0.5938.62; exploitation requires user interaction and a malicious file. Astra Linux bullet...
CVE-2023-4860
CVE-2023-4860 affects Google Chrome (Skia) via an inappropriate Skia implementation in Chromium before 115.0.5790.98, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox by crafting an HTML page. The vulnerability is rooted in the Skia component a...
CVE-2023-7010
CVE-2023-7010 is a use-after-free vulnerability in WebRTC in Google Chrome, with impact described as potential heap corruption. The affected software is Google Chrome (WebRTC component); the concrete detail provided indicates exploitation could be remote via a crafted HTML page, and the vulnerabi...
CVE-2019-25154
The CVE-2019-25154 entry describes an inappropriate implementation in iframe handling in Google Chrome prior to 77.0.3865.75, which could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Affected software is Google Chrome (Chromium-based); the underlying is...
CVE-2024-3175
CVE-2024-3175 concerns insufficient data validation in the Chrome Extensions component, enabling privilege escalation via a crafted Chrome Extension. The primary documentation states vulnerable component as Extensions, with affected Chrome versions before 120.0.6099.62 (remediation: update to 120...
CVE-2024-3174
The CVE-2024-3174 entry describes an issue in Google Chrome/Chromium’s V8: an inappropriate implementation allowed remote attackers to potentially trigger object corruption via a crafted HTML page. Affected version set is before 119.0.6045.105 (Chromium), with High severity per NVD. The vulnerabi...
CVE-2024-3170
CVE-2024-3170 affects Google Chrome prior to 121.0.6167.85, where a Use-after-Free in WebRTC could allow a remote attacker to cause heap corruption via a crafted HTML page. The issue is in Chromium’s WebRTC handling and is addressed by updating Chrome to 121.0.6167.85 or later. Public exploits ex...
CVE-2024-3169
The CVE-2024-3169 issue affects Google Chrome (V8/Chromium) and is caused by a Use after free in V8, leading to potential heap corruption via a crafted HTML page. Affected software includes Google Chrome with V8, prior to 121.0.6167.139. Impact is high: remote attacker could potentially exploit t...
CVE-2024-2884
CVE-2024-2884 describes an out-of-bounds read in V8 (Chrome’s JavaScript engine) that could be triggered by a crafted HTML page. Affected product: Google Chrome (Linux/Mac/Windows) with versions prior to 121.0.6167.139. Root cause is an out-of-bounds memory access in V8, allowing remote attackers...
CVE-2024-3168
CVE-2024-3168 corresponds to a Use-after-free vulnerability in Chrome DevTools prior to 122.0.6261.57 that could allow a remote attacker to cause heap corruption via a crafted HTML page. Affected product is Google Chrome (DevTools component); root cause is a use-after-free in DevTools as describe...
CVE-2023-7013
CVE-2023-7013 affects Google Chrome’s Compositing component. The vulnerability arises from an inappropriate implementation that could allow a remote attacker to spoof the security UI via a crafted HTML page. Affected software is Chrome; root cause is within the Compositing path leading to UI spoo...
CVE-2023-7011
CVE-2023-7011 describes an improper implementation in Google Chrome’s Picture in Picture (PiP) feature that allowed a remote attacker to spoof the Omnibox contents via a crafted HTML page. Affected software is Google Chrome (PiP module) prior to version 119.0.6045.105. The underlying issue is an ...
CVE-2022-48853
In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1 The test case issues a command code 00 TEST UNIT READY...
CVE-2022-48853 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1 The test case issues a command code 00 TEST UNIT READY...
CVE-2022-48840 iavf: Fix hang during reboot/shutdown
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix hang during reboot/shutdown Recent commit 974578017fc1 "iavf: Add waiting so the port is initialized in remove" adds a wait-loop at the beginning of iavf_remove() to ensure that port initialization is finished prior...