A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER[‘SERVER_SOFTWARE’] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.

Read More

A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.

Read More

USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced
a regression in MySQL Router preventing connections from PyMySQL. This
update reverts most of the changes in MySQL Router to 8.0.31 until a proper
fix can be found.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
https://www.oracle.com/security-alerts/cpujan2023.html

Read More

FEDORA-EPEL-2023-f41d6b3e32

Packages in this update:

python3-pygments-2.4.2-1.el7

Update description:

Update to 2.4.2
Add upstream patches for CVE-2021-20270 and CVE-2021-27291 (bz#1940605)

Read More

Martin van Kervel Smedshammer discovered that varnish, a state of the
art, high-performance web accelerator, is prone to a HTTP/2 request
forgery vulnerability.

Read More

Several buffer overflow, divide by zero or out of bounds read/write
vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF)
library and tools, which may cause denial of service when processing a
crafted TIFF image.

Read More