It was discovered that GnuPG was not properly processing keys
with large numbers of signatures. An attacker could possibly
use this issue to cause a denial of service.
Monthly Archives: May 2022
DSA-5153 trafficserver – security update
Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in HTTP request
smuggling or MITM attacks.
DSA-5152 spip – security update
It was discovered that SPIP, a website engine for publishing, would
allow a malicious user to perform cross-site scripting attacks.
DSA-5151 smarty3 – security update
Several security vulnerabilities have been discovered in smarty3, the compiling
PHP template engine. Template authors are able to run restricted static PHP
methods or even arbitrary PHP code by crafting a malicious math string or by
choosing an invalid {block} or {include} file name. If a math string was passed
through as user-provided data to the math function, remote users were able to
run arbitrary PHP code as well.
Trojan-Ransom.Thanos / Code Execution
Posted by malvuln on May 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan-Ransom.Thanos
Vulnerability: Code Execution
Description: Thanos looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vulnerable DLL, execute our own code,
control and terminate the malware…
[CVE-2022-0779] User Meta “um_show_uploaded_file” Path Traversal / Local File Enumeration
Posted by Julien Ahrens (RCE Security) on May 27
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: User Meta
Vendor URL: https://wordpress.org/plugins/user-meta
Type: Relative Path Traversal [CWE-23]
Date found: 2022-02-28
Date published: 2022-05-24
CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2022-0779
2. CREDITS
==========
This vulnerability was discovered and…
DSA-5150 rsyslog – security update
Peter Agten discovered that several modules for TCP syslog reception in
rsyslog, a system and kernel logging daemon, have buffer overflow flaws
when octet-counted framing is used, which could result in denial of
service or potentially the execution of arbitrary code.
Friday Squid Blogging: Squid Bites Diver
I agree; the diver deserved it.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
dotnet3.1-3.1.419-1.fc34
FEDORA-2022-21c312c05b
Packages in this update:
dotnet3.1-3.1.419-1.fc34
Update description:
Upstream release notes: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.25/3.1.25.md
dotnet3.1-3.1.419-1.fc35
FEDORA-2022-62c0ec2d98
Packages in this update:
dotnet3.1-3.1.419-1.fc35
Update description:
Upstream release notes: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.25/3.1.25.md