Security agency suggests mitigations and technical solutions
Daily Archives: July 27, 2023
Supply Chain Attack Hits NHS Ambulance Trusts
SEC Wants Cyber-Incident Disclosure Within Four Days
USN-6258-1: LLVM Toolchain vulnerabilities
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. (CVE-2023-29932,
CVE-2023-29934, CVE-2023-29939)
It was discovered that LLVM Toolchain did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted MLIR file, an attacker could possibly use this issue to cause LLVM
Toolchain to crash, resulting in a denial of service. This issue only
affected llvm-toolchain-15. (CVE-2023-29933)
caddy-2.7.0~beta2-1.fc39
FEDORA-2023-30431913bc
Packages in this update:
caddy-2.7.0~beta2-1.fc39
Update description:
Automatic update for caddy-2.7.0~beta2-1.fc39.
Changelog
* Thu Jul 27 2023 Carl George <carl@george.computer> - 2.7.0~beta2-1
- Update to version 2.7.0~beta2, resolves rhbz#2225732 rhbz#2124366
- Resolves CVE-2022-41717 rhbz#2164315
- Resolves CVE-2022-41723 rhbz#2178412
- Add man pages
- Use generated shell completion files instead of static ones
- Add fish shell completions
- Switch to systemd sysusers
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jan 24 2023 Carl George <carl@george.computer> - 2.5.2-3
- Rebuild for CVE-2022-41717 in golang
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
ZDI-23-1007: GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
ZDI-23-1008: GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
ZDI-23-1002: SolarWinds Network Configuration Manager VulnDownloader Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability.
ZDI-23-1003: SolarWinds Orion Platform UpdateActionsProperties Incorrect Comparison Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability.
ZDI-23-1004: SolarWinds Orion Platform WriteToFile Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability.