FEDORA-2023-0861a23801
Packages in this update:
suricata-6.0.15-1.fc38
Update description:
This is a security release, fixing a number of important issues.
suricata-6.0.15-1.fc38
This is a security release, fixing a number of important issues.
suricata-6.0.15-1.fc37
This is a security release, fixing a number of important issues.
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to memory corruption. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2023-42117)
It was discovered that Exim incorrectly handled validation of user-supplied
data, which could lead to an out-of-bounds read. An attacker could possibly
use this issue to expose sensitive information. (CVE-2023-42119)
netconsd-0.4-1.fc38
Update to 0.4
A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer memory and gaming accessories firm Corsair.
Read more in my article on the Tripwire State of Security blog.