Russia’s Sandworm group suspected of destructive attack
Monthly Archives: January 2023
CVE-2016-15022
A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.
CVE-2009-10003
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.
USN-5823-3: MySQL regression
USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced
a regression in MySQL Router preventing connections from PyMySQL. This
update reverts most of the changes in MySQL Router to 8.0.31 until a proper
fix can be found.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
https://www.oracle.com/security-alerts/cpujan2023.html
python3-pygments-2.4.2-1.el7
FEDORA-EPEL-2023-f41d6b3e32
Packages in this update:
python3-pygments-2.4.2-1.el7
Update description:
Update to 2.4.2
Add upstream patches for CVE-2021-20270 and CVE-2021-27291 (bz#1940605)
DSA-5334 varnish – security update
Martin van Kervel Smedshammer discovered that varnish, a state of the
art, high-performance web accelerator, is prone to an HTTP/2 request
forgery vulnerability.
DSA-5333 tiff – security update
Several buffer overflow, divide by zero or out of bounds read/write
vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF)
library and tools, which may cause denial of service when processing a
crafted TIFF image.
CVE-2021-4315
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.
bind-9.16.37-1.fc36 bind-dyndb-ldap-11.9-21.fc36
FEDORA-2023-a3d608daf4
Packages in this update:
bind-9.16.37-1.fc36
bind-dyndb-ldap-11.9-21.fc36
Update description:
rust-exa-0.10.1-9.el9 rust-pore-0.1.8-2.el9 rust-resctl-bench-2.1.2-8.el9 rust-resctl-demo-2.1.2-8.el9
FEDORA-EPEL-2023-b7a22b9abd
Packages in this update:
rust-exa-0.10.1-9.el9
rust-pore-0.1.8-2.el9
rust-resctl-bench-2.1.2-8.el9
rust-resctl-demo-2.1.2-8.el9
Update description:
This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-29187 in the bundled copies of libgit2.
Updates pore to 0.1.8
Speed up update_remote_refs
Fall back to /etc/pore.toml if it exists.