Versions
0:1.12.0-6.el8_6.9
0:2.1.5-2.el8_6.1
8060020240213164457.824efc52
8060020231005052631.ad008a3a
8060020231201202249.ad008a3a
0:3.6.16-5.el8_6.4
8060020231128234847.ad008a3a
0:1.12.0-6.el8_6.11
0:3.6.16-5.el8_6.2
0:4.15.5-15.el8_6
0:1.18.2-16.el8_6
8060020231222131040.ad008a3a
0:15.8-2.el8_6
0:4.18.0-372.91.1.el8_6
0:2.28-189.8.el8_6
0:4.18.0-372.93.1.el8_6
0:3.6.16-5.el8_6.3
0:1.7.3-17.el8_6.4
8060020240419071711.2e213529
2:4.6-17.el8_6
0:3.17.0-6.el8_6
0:4.15.5-13.el8_6
8060020240422155330.3b538bd8
8060020231128165328.ad008a3a
0:5.3.5-9.el8_6
0:1.12.0-6.el8_6.6
0:4.18.0-372.87.1.el8_6
0:4.18.0-372.75.1.el8_6
0:4.18.0-372.95.1.el8_6
8060020231031165747.ad008a3a
0:2.6.2-4.el8_6.3
0:3.2.2-1.el8_6
0:1.12.0-6.el8_6.4
0:1.28.29.1-2.el8_6
0:2.28-189.6.el8_6
8060020231114115246.ad008a3a
8060020231208020207.ada582f1
Recent CVEs
CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.