end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
golang-github-schollz-croc-9.6.4-2.fc38
golang-github-schollz-mnemonicode-1.0.1-6.20230519git63fa713.fc38
croc 9.6.4
golang-github-schollz-croc-9.6.4-1.fc39
Automatic update for golang-github-schollz-croc-9.6.4-1.fc39.
* Fri May 19 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 9.6.4-1
– Update to 9.6.4 – Closes rhbz#2208585 rhbz#2171537 rhbz#2163218
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 9.5.2-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 9.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> – 9.5.2-2
– Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
apache-ivy-2.5.1-3.fc38
Changelog
* Sun Jun 25 2023 Didik Supriadi <didiksupriadi41@fedoraproject.org> – 2.5.1-3
– Build with ivy instead of maven
Several vulnerabilities were discovered in BIND, a DNS server
implementation.
Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for arbitrary code execution. VMware vCenter Server is the centralized management utility for VMware. VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Giggling Squid is a Thai chain in the UK.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
mariadb-10.5-3820230614090319.75741a8b
MariaDB 10.5.20 & Galera 26.4.14
mariadb-10.5-3720230614090319.9e842022
MariaDB 10.5.20 & Galera 26.4.14
An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it.
Cisco Secure Client for Windows, previously known as Cisco AnyConnect Secure Mobility Client before version 5.0, is an application that integrates with multiple Cisco endpoint security and management platforms and technologies including its AnyConnect VPN and zero-trust network access (ZTNA) platform, which is popular with enterprises.
