end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
Monthly Archives: June 2023
golang-github-schollz-croc-9.6.4-2.fc38 golang-github-schollz-mnemonicode-1.0.1-6.20230519git63fa713.fc38
FEDORA-2023-ac4651c9b2
Packages in this update:
golang-github-schollz-croc-9.6.4-2.fc38
golang-github-schollz-mnemonicode-1.0.1-6.20230519git63fa713.fc38
Update description:
croc 9.6.4
golang-github-schollz-croc-9.6.4-1.fc39
FEDORA-2023-4c1050f439
Packages in this update:
golang-github-schollz-croc-9.6.4-1.fc39
Update description:
Automatic update for golang-github-schollz-croc-9.6.4-1.fc39.
Changelog
* Fri May 19 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 9.6.4-1
- Update to 9.6.4 - Closes rhbz#2208585 rhbz#2171537 rhbz#2163218
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 9.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 9.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 9.5.2-2
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
apache-ivy-2.5.1-3.fc38
FEDORA-2023-35f775fd6e
Packages in this update:
apache-ivy-2.5.1-3.fc38
Update description:
Changelog
* Sun Jun 25 2023 Didik Supriadi <didiksupriadi41@fedoraproject.org> - 2.5.1-3
- Build with ivy instead of maven
DSA-5439 bind9 – security update
Several vulnerabilities were discovered in BIND, a DNS server implementation.
Multiple Vulnerabilities in VMware Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for arbitrary code execution. VMware vCenter Server is the centralized management utility for VMware. VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Friday Squid Blogging: Giggling Squid
Giggling Squid is a Thai chain in the UK.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
mariadb-10.5-3820230614090319.75741a8b
FEDORA-MODULAR-2023-71437dedee
Packages in this update:
mariadb-10.5-3820230614090319.75741a8b
Update description:
MariaDB 10.5.20 & Galera 26.4.14
mariadb-10.5-3720230614090319.9e842022
FEDORA-MODULAR-2023-b9453b52e0
Packages in this update:
mariadb-10.5-3720230614090319.9e842022
Update description:
MariaDB 10.5.20 & Galera 26.4.14
Public exploit is now available for Cisco AnyConnect VPN client
An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it.
Cisco Secure Client for Windows, previously known as Cisco AnyConnect Secure Mobility Client before version 5.0, is an application that integrates with multiple Cisco endpoint security and management platforms and technologies including its AnyConnect VPN and zero-trust network access (ZTNA) platform, which is popular with enterprises.