Read Time:6 Second
FEDORA-2023-677d58bb20
Packages in this update:
apptainer-1.1.6-1.fc36
Update description:
Update to upstream 1.1.6
Monthly Archives: February 2023
apptainer-1.1.6-1.el7
Read Time:7 Second
FEDORA-EPEL-2023-1eae057392
Packages in this update:
apptainer-1.1.6-1.el7
Update description:
Update to upstream 1.1.6
python-fastapi-0.92.0-1.fc39 python-starlette-0.25.0-1.fc39
Read Time:33 Second
FEDORA-2023-6c030b3c71
Packages in this update:
python-fastapi-0.92.0-1.fc39
python-starlette-0.25.0-1.fc39
Update description:
python-starlette 0.25.0
Fixed
Limit the number of fields and files when parsing multipart/form-data on the MultipartParser
python-fastapi 0.92.0
🚨 This is a security fix. Please upgrade as soon as possible.
Upgrades
⬆ Upgrade Starlette to 0.25.0.
This solves a vulnerability that could allow denial of service attacks by using many small multipart fields/files (parts), consuming high CPU and memory.
Only applications using forms (e.g. file uploads) could be affected.
For most cases, upgrading won’t have any breaking changes.
python-fastapi-0.92.0-1.fc38 python-starlette-0.25.0-1.fc38
Read Time:33 Second
FEDORA-2023-9d50269499
Packages in this update:
python-fastapi-0.92.0-1.fc38
python-starlette-0.25.0-1.fc38
Update description:
python-starlette 0.25.0
Fixed
Limit the number of fields and files when parsing multipart/form-data on the MultipartParser
python-fastapi 0.92.0
🚨 This is a security fix. Please upgrade as soon as possible.
Upgrades
⬆ Upgrade Starlette to 0.25.0.
This solves a vulnerability that could allow denial of service attacks by using many small multipart fields/files (parts), consuming high CPU and memory.
Only applications using forms (e.g. file uploads) could be affected.
For most cases, upgrading won’t have any breaking changes.
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
Read Time:44 Second
The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that’s capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their OT networks.
“A number of the threats that Dragos tracks may evolve their disruptive and destructive capabilities in the future because adversaries often do extensive research and development (R&D) and build their programs and campaigns over time,” the Dragos researchers said in a newly released annual report. “This R&D informs their future campaigns and ultimately increases their disruptive capabilities.”
CyberDanube Security Research 20230213-0 | Multiple Vulnerabilities in JetWave Series
Read Time:11 Second
Posted by Thomas Weber on Feb 14
CyberDanube Security Research 20230213-0
——————————————————————————-
title| Multiple Vulnerabilities
product| JetWave4221 HP-E, JetWave 2212G, JetWave
2212X/2212S,
| JetWave 2211C, JetWave 2411/2111, JetWave
2411L/2111L,
| JetWave 2414/2114, JetWave…
Defense in depth — the Microsoft way (part 81): enabling UTF-8 support breaks existing code
Read Time:25 Second
Posted by Stefan Kanthak on Feb 14
Hi @ll,
almost 4 years ago, with Windows 10 1903, after more than a year
beta-testing in insider previews, Microsoft finally released UTF-8
support for the -A interfaces of the Windows API.
0) <https://docs.microsoft.com/en-us/windows/uwp/design/globalizing/use-utf8-code-page#activeCodePage>
| If the ANSI code page is configured for UTF-8, -A APIs typically
| operate in UTF-8. This model has the benefit of supporting
| existing…
SEC Consult SA-20230214-0 :: Multiple XSS Vulnerabilities in B&R Systems Diagnostics Manager
Read Time:18 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 14
SEC Consult Vulnerability Lab Security Advisory < 20230214-0 >
=======================================================================
title: Multiple XSS Vulnerabilities
product: B&R Systems Diagnostics Manager
vulnerable version: >=3.00 and <=C4.93
fixed version: >=D4.93
CVE number: CVE-2022-4286
impact: medium
homepage: https://www.br-automation.com…
APPLE-SA-2023-02-13-3 Safari 16.3.1
Read Time:25 Second
Posted by Apple Product Security via Fulldisclosure on Feb 14
APPLE-SA-2023-02-13-3 Safari 16.3.1
Safari 16.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213638.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A type confusion issue was addressed…
APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1
Read Time:26 Second
Posted by Apple Product Security via Fulldisclosure on Feb 14
APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1
macOS Ventura 13.2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213633.
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of…