Two years after a critical vulnerability was found in utility Log4j, 38% of apps still use buggy versions
Daily Archives: December 11, 2023
USN-6543-1: GNU Tar vulnerability
It was discovered that tar incorrectly handled extended attributes in PAX
archives. An attacker could use this issue to cause tar to crash, resulting in a
denial of service.
DSA-5575-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2023-42916
Clement Lecigne discovered that processing web content may
disclose sensitive information. Apple is aware of a report that
this issue may have been actively exploited.
CVE-2023-42917
Clement Lecigne discovered that processing web content may lead to
arbitrary code execution. Apple is aware of a report that this
issue may have been actively exploited.
DSA-5574-1 libreoffice – security update
Reginaldo Silva discovered two security vulnerabilities in LibreOffice,
which could result in the execution of arbitrary scripts or Gstreamer
plugins when opening a malformed file.