USN-5672-2: GMP vulnerability

USN-5672-1 fixed a vulnerability in GMP. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

libmemcached-awesome-1.1.4-1.fc38

FEDORA-2023-fd848970c4

Packages in this update:

libmemcached-awesome-1.1.4-1.fc38

Update description:

Version 1.1.4 – released 2022-03-06

Fix gh #107: macOS: deprecated sasl API (improve detection of libsasl2).
Fix gh #131: Consider renaming tools (add CLIENT_PREFIX build option; default: mem).
Fix gh #132: Add build of static library (add BUILD_SHARED_LIBS build option; default: ON).
Fix gh #134: Update client option documentation.
Fix gh #136: libmemcachedutil is underlinked (link against libmemcached).
Fix gh php-memcached#531: get returns random values when lower than default OPT_POLL_TIMEOUT is set.

libmemcached-awesome-1.1.4-1.fc36

FEDORA-2023-7da1639d3f

Packages in this update:

libmemcached-awesome-1.1.4-1.fc36

Update description: identical to the libmemcached-awesome-1.1.4-1.fc38 update above (version 1.1.4, released 2022-03-06).

libmemcached-awesome-1.1.4-1.fc37

FEDORA-2023-c9bbaadcbf

Packages in this update:

libmemcached-awesome-1.1.4-1.fc37

Update description: identical to the libmemcached-awesome-1.1.4-1.fc38 update above (version 1.1.4, released 2022-03-06).

USN-5922-1: FriBidi vulnerabilities

It was discovered that FriBidi incorrectly handled the processing of input
strings, resulting in memory corruption. An attacker could possibly use this
issue to cause FriBidi to crash, resulting in a denial of service, or
potentially execute arbitrary code. (CVE-2022-25308)

It was discovered that FriBidi incorrectly validated input data to its CapRTL
Unicode encoder, resulting in memory corruption. An attacker could possibly
use this issue to cause FriBidi to crash, resulting in a denial of service, or
potentially execute arbitrary code. (CVE-2022-25309)

It was discovered that FriBidi incorrectly handled empty input when removing
marks from Unicode strings. An attacker could possibly use this to cause
FriBidi to crash, resulting in a denial of service, or potentially execute
arbitrary code. (CVE-2022-25310)

USN-5767-3: Python vulnerability

USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem
for Ubuntu 18.04 LTS.

Original advisory details:

Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
(CVE-2022-37454)

Open letter demands OWASP overhaul, warns of mass project exodus

For more than two decades, the Open Worldwide Application Security Project (OWASP) has provided free and open resources for improving the security of software. Led by the non-profit OWASP Foundation, OWASP has brought together community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and educational and training conferences for developers and technologists to secure the web.

However, an open letter signed by dozens of OWASP members, contributors, and supporters questioned OWASP’s viability for the modern internet, the way software is now built, and today’s security industry, casting a damning light on its ability to keep pace and evolve to support the needs of the community and its projects.

USN-5921-1: rsync vulnerabilities

Koen van Hove discovered that the rsync client incorrectly validated
filenames returned by servers. If a user or automated system were tricked
into connecting to a malicious server, a remote attacker could use this
issue to write arbitrary files, and possibly escalate privileges.

New National Cybersecurity Strategy

Last week the Biden Administration released a new National Cybersecurity Strategy (summary here). There is lots of good commentary out there. It’s basically a smart strategy, but the hard parts are always the implementation details. It’s one thing to say that we need to secure our cloud infrastructure, and another to detail what that means technically, who pays for it, and who verifies that it’s been done.

One of the provisions getting the most attention is a move to shift liability to software vendors, something I’ve been advocating for since at least 2003.

Slashdot thread.

Study reveals companies are wasting millions on unused Kubernetes resources

Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! This move to the cloud has made it easier to scale up applications when they need to grow. However, there is a corollary to this: Budgeting! Chances are, you’re probably overspending. Estimating how …