Read Time:9 Second
FEDORA-2023-1caffb88af
Packages in this update:
trafficserver-9.2.3-1.fc39
Update description:
Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
Yearly Archives: 2023
trafficserver-9.2.3-1.fc38
Read Time:9 Second
FEDORA-2023-5ff7bf1dd8
Packages in this update:
trafficserver-9.2.3-1.fc38
Update description:
Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
USN-6425-2: Samba regression
Read Time:59 Second
USN-6425-1 fixed vulnerabilities in Samba. Due to a build issue on Ubuntu
20.04 LTS, the update introduced regressions in macro handling and
possibly other functionality.
This update fixes the problem. We apologize for the inconvenience.
Original advisory details:
Sri Nagasubramanian discovered that the Samba acl_xattr VFS module
incorrectly handled read-only files. When Samba is configured to ignore
system ACLs, a remote attacker could possibly use this issue to truncate
read-only files. (CVE-2023-4091)
Andrew Bartlett discovered that Samba incorrectly handled the DirSync
control. A remote attacker with an RODC DC account could possibly use this
issue to obtain all domain secrets. (CVE-2023-4154)
Andrew Bartlett discovered that Samba incorrectly handled the rpcecho
development server. A remote attacker could possibly use this issue to
cause Samba to stop responding, resulting in a denial of service.
(CVE-2023-42669)
Kirin van der Veer discovered that Samba incorrectly handled certain RPC
service listeners. A remote attacker could possibly use this issue to cause
Samba to start multiple incompatible RPC listeners, resulting in a denial
of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-42670)
xen-4.16.5-3.fc37
Read Time:19 Second
FEDORA-2023-881672fdab
Packages in this update:
xen-4.16.5-3.fc37
Update description:
xenstored: A transaction conflict can crash C Xenstored [XSA-440,
CVE-2023-34323]
x86/AMD: missing IOMMU TLB flushing [XSA-442, CVE-2023-34326]
Multiple vulnerabilities in libfsimage disk handling [XSA-443,
CVE-2023-34325]
x86/AMD: Debug Mask handling [XSA-444, CVE-2023-34327,
CVE-2023-34328]
matrix-synapse-1.94.0-2.fc38
Read Time:7 Second
FEDORA-2023-c3c8cc5f8b
Packages in this update:
matrix-synapse-1.94.0-2.fc38
Update description:
Update to v1.94.0 (CVE-2023-45129)
matrix-synapse-1.94.0-2.fc39
Read Time:7 Second
FEDORA-2023-4d4c73a8f0
Packages in this update:
matrix-synapse-1.94.0-2.fc39
Update description:
Update to v1.94.0 (CVE-2023-45129)
Curl Releases Fixes For High-Severity Vulnerability
Read Time:5 Second
The flaw impacts curl and libcurl, causing SOCKS5 proxy handshake to suffer heap buffer overflow
USN-6429-2: curl vulnerability
Read Time:19 Second
USN-6429-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that curl incorrectly handled cookies when an application
duplicated certain handles. A local attacker could possibly create a cookie
file and inject arbitrary cookies into subsequent connections.
(CVE-2023-38546)
US Government Issues Open-Source Security Guidance for Critical Infrastructure
Read Time:5 Second
The recommendations are designed to reduce the life-safety implications of cyber incidents in ICS environments
That day you find you’re suddenly in charge of Facebook’s official UK account
Read Time:7 Second
Facebook’s official UK account was compromised on Friday evening by a cricket lover, who was seemingly just as surprised as the rest of us…