Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40: FEDORA-2024-b7e1234bc7 Major: onnx Unauthorized Directory Access

fedora
Calendar Grey July 11, 2024
Dist Fedora Esm H88
Fedora 40 has issued a security patch for onnx that mitigates CVE-2024-5187, effectively solving a critical arbitrary file overwrite vulnerability.
Security fix for CVE-2024-5187

Summary

onnx provides an open source format for AI models, both deep learning and

traditional ML. It defines an extensible computation graph model, as well as

definitions of built-in operators and standard data types.

Update Information:

Security fix for CVE-2024-5187

Topics%20covered

Topics Covered

security advisory critical software update Fedora arbitrary file overwrite onnx

Change Log

* Tue Jul 2 2024 Alejandro Alvarez Ayllon - 1.14.1-3 - Backport of fix for CVE-2024-5187

References


[ 1 ] Bug #2290806 - CVE-2024-5187 onnx: arbitrary file overwrite in download_model_with_test_data https://bugzilla.redhat.com/show_bug.cgi?id=2290806

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-d9c7181a19' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: onnx
Product: Fedora 40
Version: 1.14.1
Release: 3.fc40
URL: https://github.com/onnx/onnx
Summary: Open standard for machine learning interoperability

Topics%20covered

Topics Covered

security advisory critical software update Fedora arbitrary file overwrite onnx

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here