Read Time:6 Second
FEDORA-2022-61f5b492b7
Packages in this update:
libapreq2-2.17-1.fc36
Update description:
Fix CVE-2022-22728.
Monthly Archives: September 2022
libapreq2-2.17-1.fc37
Read Time:6 Second
FEDORA-2022-9e5046934e
Packages in this update:
libapreq2-2.17-1.fc37
Update description:
Fix CVE-2022-22728.
libapreq2-2.17-1.el8
Read Time:6 Second
FEDORA-EPEL-2022-ebbc78f3cb
Packages in this update:
libapreq2-2.17-1.el8
Update description:
Fix CVE-2022-22728.
libapreq2-2.17-1.el7
Read Time:6 Second
FEDORA-EPEL-2022-b86f845eb8
Packages in this update:
libapreq2-2.17-1.el7
Update description:
Fix CVE-2022-22728.
CVE-2020-29260
Read Time:5 Second
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
Friday Squid Blogging: Squid Images
Read Time:12 Second
iStock has over 13,000 royalty-free images of squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
CVE-2021-27693
Read Time:7 Second
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
CVE-2020-22669
Read Time:13 Second
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
protobuf-c-1.4.1-2.fc36
Read Time:7 Second
FEDORA-2022-3be472fe11
Packages in this update:
protobuf-c-1.4.1-2.fc36
Update description:
Updated to version 1.4.1.
OpenSSF releases npm best practices to help developers tackle open-source dependency risks
Read Time:33 Second
The Open Source Security Foundation (OpenSSF) has released the npm Best Practices Guide to help JavaScript and TypeScript developers reduce the security risks associated with using open-source dependencies. The guide, a product of the OpenSSF Best Practices Working Group, focuses on dependency management and supply chain security for npm and covers various areas such as how to set up a secure CI configuration, how to avoid dependency confusion, and how to limit the consequences of a hijacked dependency. The release comes as developers increasingly share and use dependencies which, while contributing to faster development and innovation, can also introduce risks.