CVE-2021-25736

October 30, 2023

Read Time:16 Second

Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (â€œspec.ports[*].portâ€�) as a LoadBalancer
Service when the LoadBalancer controller
does not set the â€œstatus.loadBalancer.ingress[].ipâ€� field. Clusters
where the LoadBalancer controller sets the
â€œstatus.loadBalancer.ingress[].ipâ€� field are unaffected.

Advisories

mlpack-4.2.1-4.fc39

October 30, 2023

Read Time:7 Second

FEDORA-2023-c2bf1825d8

Packages in this update:

mlpack-4.2.1-4.fc39

Update description:

Ensure stb_image contains the latest CVE patches

Advisories

DSA-5539-1 node-browserify-sign – security update

October 30, 2023

Read Time:16 Second

It was reported that incorrect bound checks in the dsaVerify function
in node-browserify-sign, a Node.js library which adds crypto signing
for browsers, allows an attacker to perform signature forgery attacks
by constructing signatures that can be successfully verified by any
public key.

https://security-tracker.debian.org/tracker/DSA-5539-1

Advisories

DSA-5540-1 jetty9 – security update

October 30, 2023

Read Time:22 Second

Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a
Java based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify if HPACK header values exceed their size limit.
Furthermore the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as Rapid Reset Attack.

https://security-tracker.debian.org/tracker/DSA-5540-1

Advisories

DSA-5541-1 request-tracker5 – security update

October 30, 2023

Read Time:31 Second

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.

CVE-2023-41259

Tom Wolters reported that Request Tracker is vulnerable to accepting
unvalidated RT email headers in incoming email and the mail-gateway
REST interface.

CVE-2023-41260

Tom Wolters reported that Request Tracker is vulnerable to
information leakage via response messages returned from requests
sent via the mail-gateway REST interface.

CVE-2023-45024

It was reported that Request Tracker is vulnerable to information
leakage via transaction searches made by authenticated users in the
transaction query builder.

https://security-tracker.debian.org/tracker/DSA-5541-1

Advisories

DSA-5542-1 request-tracker4 – security update

October 30, 2023

Read Time:23 Second

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.

CVE-2023-41259

Tom Wolters reported that Request Tracker is vulnerable to accepting
unvalidated RT email headers in incoming email and the mail-gateway
REST interface.

CVE-2023-41260

Tom Wolters reported that Request Tracker is vulnerable to
information leakage via response messages returned from requests
sent via the mail-gateway REST interface.

https://security-tracker.debian.org/tracker/DSA-5542-1

Advisories

DSA-5539 node-browserify-sign – security update

October 30, 2023

Read Time:14 Second

Advisories

DSA-5540 jetty9 – security update

October 30, 2023

Read Time:20 Second

Two remotely exploitable security vulnerabilities were discovered in Jetty 9,
a Java based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify if HPACK header values exceed their size limit.
Furthermore the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as Rapid Reset Attack.