Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.
Archive for February 1st, 2024
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
ImageMagick could be made to crash if it opened a specially crafted file.
A regression was fixed in X.Org X Server.
GNU C Library could be made to crash or run programs as an administrator if it handled a specially crafted request.
Update to 115.7.0
* https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
* https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/
Security fix for CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780. CVE-2023-6246: __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER containing a long program name failed to update the required buffer size, leading to the allocation and overflow of a too-small buffer on the heap. CVE-2023-6779: __vsyslog_internal used the return value of