mlpack-4.2.1-4.el9

FEDORA-EPEL-2023-089a6765db

Packages in this update:

mlpack-4.2.1-4.el9

Update description:

Ensure stb_image contains the latest CVE patches

USN-6456-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-5722,
CVE-2023-5724, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731)

Kelsey Gilbert discovered that Firefox did not properly manage certain
browser prompts and dialogs due to an insufficient activation delay. An
attacker could potentially exploit this issue to perform clickjacking.
(CVE-2023-5721)

Daniel Veditz discovered that Firefox did not properly validate a cookie
containing invalid characters. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2023-5723)

Shaheen Fazim discovered that Firefox did not properly validate the URLs
opened by an installed WebExtension. An attacker could potentially exploit
this issue to obtain sensitive information. (CVE-2023-5725)

CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local
processes listening on the same port (“spec.ports[*].port”) as a
LoadBalancer Service when the LoadBalancer controller does not set the
“status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer
controller sets the “status.loadBalancer.ingress[].ip” field are
unaffected.

DSA-5540-1 jetty9 – security update

Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a
Java-based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify whether HPACK header values exceed their size limit.
Furthermore, the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as the Rapid Reset Attack.

https://security-tracker.debian.org/tracker/DSA-5540-1

DSA-5541-1 request-tracker5 – security update

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.

CVE-2023-41259

Tom Wolters reported that Request Tracker is vulnerable to accepting
unvalidated RT email headers in incoming email and the mail-gateway
REST interface.

CVE-2023-41260

Tom Wolters reported that Request Tracker is vulnerable to
information leakage via response messages returned from requests
sent via the mail-gateway REST interface.

CVE-2023-45024

It was reported that Request Tracker is vulnerable to information
leakage via transaction searches made by authenticated users in the
transaction query builder.

https://security-tracker.debian.org/tracker/DSA-5541-1

DSA-5542-1 request-tracker4 – security update

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.

CVE-2023-41259

Tom Wolters reported that Request Tracker is vulnerable to accepting
unvalidated RT email headers in incoming email and the mail-gateway
REST interface.

CVE-2023-41260

Tom Wolters reported that Request Tracker is vulnerable to
information leakage via response messages returned from requests
sent via the mail-gateway REST interface.

https://security-tracker.debian.org/tracker/DSA-5542-1
