USN-5788-1: curl vulnerabilities

Hiroki Kurosawa discovered that curl incorrectly handled HSTS support
when certain hostnames included IDN characters. A remote attacker could
possibly use this issue to cause curl to use unencrypted connections. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-43551)

It was discovered that curl incorrectly handled denials when using HTTP
proxies. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-43552)

jpegoptim-1.5.1-1.el9

FEDORA-EPEL-2023-bbe003fd1e

Packages in this update:

jpegoptim-1.5.1-1.el9

Update description:

v1.5.1

fix logging to stdout when --stdout is used (thanks to Eta)
update --threshold option to accept decimal numbers as parameter
fix crashes when processing certain broken JPEG images
fix memory leaks
fix (logging) output in parallel processing mode

jpegoptim-1.5.1-1.fc37

FEDORA-2023-d9c91f39a5

Packages in this update:

jpegoptim-1.5.1-1.fc37

Update description:

v1.5.1

fix logging to stdout when --stdout is used (thanks to Eta)
update --threshold option to accept decimal numbers as parameter
fix crashes when processing certain broken JPEG images
fix memory leaks
fix (logging) output in parallel processing mode

CVE-2014-125041

A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to SQL injection. The name of the patch is e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply the patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability.

CVE-2014-125040

A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to SQL injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply the patch to fix this issue. The identifier of this vulnerability is VDB-217484.

USN-5782-2: Firefox regressions

USN-5782-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Firefox was using an out-of-date libusrsctp library.
An attacker could possibly use this library to trigger a reentrancy issue
in Firefox. (CVE-2022-46871)

Nika Layzell discovered that Firefox was not performing a check on pasted
data received from other processes. An attacker could potentially exploit
this to obtain sensitive information. (CVE-2022-46872)

Pete Freitag discovered that Firefox did not implement the unsafe-hashes
CSP directive. An attacker who was able to inject markup into a page
otherwise protected by a Content Security Policy may have been able to
inject an executable script. (CVE-2022-46873)

Matthias Zoellner discovered that Firefox was not keeping the filename
extension intact when using the drag-and-drop event. An attacker could
possibly use this issue to add a file with a malicious extension, leading
to arbitrary code execution. (CVE-2022-46874)

Hafiizh discovered that Firefox was not handling fullscreen notifications
when the browser window goes into fullscreen mode. An attacker could
possibly use this issue to spoof the user and obtain sensitive information.
(CVE-2022-46877)

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-46878,
CVE-2022-46879)