This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Monthly Archives: February 2023
python-django3-3.2.18-1.fc38
FEDORA-2023-a74513bda8
Packages in this update:
python-django3-3.2.18-1.fc38
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.el8
FEDORA-EPEL-2023-934b856e97
Packages in this update:
python-django3-3.2.18-1.el8
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.fc36
FEDORA-2023-3d775d93be
Packages in this update:
python-django3-3.2.18-1.fc36
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.fc37
FEDORA-2023-bde7913e5a
Packages in this update:
python-django3-3.2.18-1.fc37
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
Companies urged to patch critical vulnerability in Fortinet FortiNAC
Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible.
FortiNAC is a zero-trust network access solution that can be deployed either as a hardware device or as a virtual machine appliance. It is used for network segmentation, visibility, and control of devices and users connected to the network. As such, it can be deployed at the network perimeter, making it an easier target for internet-based attacks. According to Shodan scans, more than 700,000 Fortinet devices are connected to the internet around the world.
DSA-5361 tiff – security update
Several flaws were found in tiffcrop, a program distributed by tiff, the Tag
Image File Format (TIFF) library and tools. A specially crafted tiff file
can lead to an out-of-bounds write or read resulting in a denial of service.
DSA-5362 frr – security update
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead
to a segmentation fault and denial of service. This occurs in
bgp_capability_msg_parse in bgpd/bgp_packet.c.
DSA-5363 php7.4 – security update
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language, which could result in denial of
service or incorrect validation of BCrypt hashes.
perl-HTTP-Daemon-6.15-1.fc38
FEDORA-2023-d04facf6ce
Packages in this update:
perl-HTTP-Daemon-6.15-1.fc38
Update description:
6.15 2023-02-22 22:02:46Z
Fix CVE-2022-31081: Inconsistent Interpretation of HTTP Requests
Correctly handle multiple Content-Length headers and its variants (Theo van Hoesel)
Closes “Discrepancies in the Parsing of Content Length header …” (GH#56) (blessingcharles)
kill test server with KILL rather than QUIT (GH#63) (Graham Knop)
Create TestServer test lib for running daemon process (GH#62) (Graham Knop)
Clean up tests (GH#61) (Graham Knop)