Two vulnerabilities were discovered in rails, the Ruby-based server-side
MVC web application framework, which could lead to cross-site scripting
(XSS), including DOM-based XSS.
mod_security-2.9.7-1.fc38
FEDORA-2023-bc61f7a145
Packages in this update:
mod_security-2.9.7-1.fc38
Update description:
new version 2.9.7
switch to PCRE2
mod_security-2.9.7-1.fc36
FEDORA-2023-8aa264d5c5
Packages in this update:
mod_security-2.9.7-1.fc36
Update description:
new version 2.9.7
switch to PCRE2
mod_security-2.9.7-1.fc37
FEDORA-2023-09f0496e60
Packages in this update:
mod_security-2.9.7-1.fc37
Update description:
new version 2.9.7
switch to PCRE2
mingw-freeimage-3.19.0-0.14.svn1889.fc36
FEDORA-2023-2682ede2ed
Packages in this update:
mingw-freeimage-3.19.0-0.14.svn1889.fc36
Update description:
Backport proposed fix for CVE-2021-33367.
freeimage-3.19.0-0.16.svn1889.fc37 mingw-freeimage-3.19.0-0.14.svn1889.fc37
FEDORA-2023-748f1d5710
Packages in this update:
freeimage-3.19.0-0.16.svn1889.fc37
mingw-freeimage-3.19.0-0.14.svn1889.fc37
Update description:
Backport proposed fix for CVE-2021-33367.
freeimage-3.19.0-0.16.svn1889.fc38 mingw-freeimage-3.19.0-0.14.svn1889.fc38
FEDORA-2023-bace76409a
Packages in this update:
freeimage-3.19.0-0.16.svn1889.fc38
mingw-freeimage-3.19.0-0.14.svn1889.fc38
Update description:
Backport proposed fix for CVE-2021-33367.
Fix FTBFS (fails to build from source).
Russian cyberspies hit NATO and EU organizations with new malware toolset
The Polish government warns that a cyberespionage group linked to Russia’s intelligence services is targeting diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads. The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia’s Foreign Intelligence Service (SVR) and is the group behind the 2020 supply chain attack against software company SolarWinds that led to the compromise of thousands of organizations worldwide.
USN-6018-1: Apport vulnerability
Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation
vulnerability in apport-cli when viewing crash reports on systems where
unprivileged users are allowed to run apport-cli via sudo: the report is
handed to an interactive pager (less) that then runs as root, and less
offers a shell escape. A local attacker on such a specially configured
system could use this to escalate their privilege.
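The pattern behind this class of bug is a privileged tool that launches an interactive pager on behalf of a less-privileged user. The following is an added illustration of the check a practitioner would want in such a tool; it is not apport's code and not its actual fix, and the function names, the list of shell-capable pagers and the choice of which variables to strip are this example's own assumptions.

```python
"""Harden the environment of a pager launched across a sudo privilege boundary.

Added example, not apport's code or fix. Assumed names: pager_basename,
caller_uid, is_privilege_boundary, pager_env. SHELL_ESCAPE_PAGERS is a
constructed list of pagers whose interactive commands include spawning a shell.
"""
import os
import shlex

SHELL_ESCAPE_PAGERS = {"less", "more", "most"}


def pager_basename(pager_cmd: str) -> str:
    """'/usr/bin/less -R' -> 'less'; empty string if the command is blank."""
    parts = shlex.split(pager_cmd)
    return os.path.basename(parts[0]) if parts else ""


def caller_uid(env: dict, euid: int) -> int:
    """sudo records the invoking user's uid in SUDO_UID; without it, assume
    the caller is the effective user (no boundary was crossed)."""
    try:
        return int(env.get("SUDO_UID", euid))
    except ValueError:
        return euid


def is_privilege_boundary(env: dict, euid: int) -> bool:
    """True when the process is root but acts for a non-root caller (sudo)."""
    return euid == 0 and caller_uid(env, euid) != 0


def pager_env(env: dict, pager_cmd: str, euid: int) -> dict:
    """Return the environment to launch the pager with.

    When a shell-capable pager would run as root for a non-root caller:
      * LESSSECURE=1 puts less into secure mode, which disables the '!' shell
        command, the '|' pipe, 's'/'v' (save/edit), -o/-O log files, lesskey
        files and tag lookups;
      * LESSOPEN/LESSCLOSE are dropped so no caller-chosen input preprocessor
        command is executed as root;
      * the caller's LESS option string is replaced by a fixed, known set.
    In every other case the environment is passed through unchanged.
    """
    hardened = dict(env)
    if is_privilege_boundary(env, euid) and pager_basename(pager_cmd) in SHELL_ESCAPE_PAGERS:
        hardened["LESSSECURE"] = "1"
        hardened.pop("LESSOPEN", None)
        hardened.pop("LESSCLOSE", None)
        hardened["LESS"] = "-R"
    return hardened


if __name__ == "__main__":
    # Constructed sudo environment, as sudo would set it for user 1000.
    sudo_env = {"SUDO_UID": "1000", "SUDO_USER": "alice",
                "LESSOPEN": "| /usr/bin/lesspipe %s", "LESS": "-R -X"}
    print(pager_env(sudo_env, "/usr/bin/less", euid=0))
```

The stricter alternative, when the tool does not need paging at all while privileged, is to write the report to stdout (or to `cat`) instead of any interactive pager; the secure-mode route above is for tools that must keep paging. Note that `LESSSECURE` protects `less` only, which is why the pager name is checked rather than trusting `$PAGER` blindly.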
USN-6019-1: Flask-CORS vulnerability
It was discovered that Flask-CORS did not canonicalize request paths before
evaluating resource rules, so a path containing traversal sequences could be
matched against a more permissive rule than the resource it actually
reaches. An attacker could possibly use this to expose sensitive
information.