Daily Archives: August 29, 2023

Advisories

USN-6313-1: FAAD2 vulnerabilities

Read Time:30 Second

It was discovered that FAAD2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-32272, CVE-2021-32273, CVE-2021-32274, CVE-2021-32277,
CVE-2021-32278, CVE-2023-38857, CVE-2023-38858)

It was discovered that FAAD2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2021-32276)

Read More

Advisories

python3-flask-1.1.4-1.el7

Read Time:12 Second

FEDORA-EPEL-2023-2b99803700

Packages in this update:

python3-flask-1.1.4-1.el7

Update description:

Update to version 1.1.4
Rename python36-flask to python3-flask
Backport patch for CVE-2023-30861
Run test suite in %check

Read More

Advisories

Mozilla Firefox only stores up to 1024 HSTS entries

Read Time:24 Second

Posted by Konstantin on Aug 29

# VULNERABILITY
Mozilla Firefox only stores up to 1024 HSTS entries.
When the limit is reached, Firefox discards entries based on their age
and recent visits to the domain in question.

# IMPACT
The HSTS header ensures that once a page has been visited, the browser
will attempt to connect to it using HTTPS.
The limit means that Firefox effectively does not store any further HSTS
headers, as new ones permanently override each other.
Sites…

Read More

Advisories

python3-werkzeug-1.0.1-2.el7

Read Time:12 Second

FEDORA-EPEL-2023-f73923f479

Packages in this update:

python3-werkzeug-1.0.1-2.el7

Update description:

Rename python36-werkzeug to python3-werkzeug
Backport patch for CVE-2023-25577
Backport patch for CVE-2023-23934
Run test suite in %check

Read More