Crash that can be triggered by users when Websockets are in use (a listen block with listen::options::websocket). This was assigned CVE-2023-50784.
In 6.1.3, Websockets were not working with Chrome and possibly other browsers.
Multiple vulnerabilities were discovered in FreeImage, a support library
for graphics image formats, which could result in the execution of
arbitrary code if malformed image files are processed.
The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully
fix the vulnerability. Updated packages correcting this issue including
the upstream merged commit are now available.
What is the Attack?
Multiple cyberthreat actors have been seen exploiting the authentication bypass flaw in JetBrains TeamCity that could lead to remote code execution. Access to a compromised TeamCity server would provide malicious actors with access to the software developer’s source code, signing certificates, and the ability to manipulate software compilation and deployment processes. The malicious actors could further use this access to conduct supply chain operations.
What is the Vendor Solution?
JetBrains released a patch on September 18, 2023 to fix the affected TeamCity software in version 2023.05.4, which can be found here: https://www.jetbrains.com/teamcity/download/other.html.
What FortiGuard Coverage is available?
FortiGuard Labs has an IPS signature “JetBrains.TeamCity.CVE-2023-42793.Authentication.Bypass” (with the default action set to “block”) in place and has released Antivirus signatures for the known and related malware associated with the campaigns targeting the vulnerability (CVE-2023-42793).