c-ares-1.19.0-1.fc36

FEDORA-2023-30e81e5293

Packages in this update:

c-ares-1.19.0-1.fc36

Update description:

Update to 1.19.0. Fixes CVE-2022-4904.

flatpak-runtime-f37-3720230216035716.1 flatpak-sdk-f37-3720230216035716.1

FEDORA-FLATPAK-2023-41da5c11ed

Packages in this update:

flatpak-runtime-f37-3720230216035716.1
flatpak-sdk-f37-3720230216035716.1

Update description:

Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.

Specifically, one of the updated packages is nss 3.88.1 that is required by latest thunderbird 102.8.0 flatpak: https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2023-39d93f840d

CVE-2015-10081

A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The name of the patch is a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495.

clamav-0.103.8-3.el7

FEDORA-EPEL-2023-466d8ae059

Packages in this update:

clamav-0.103.8-3.el7

Update description:

Fix daily.cvd file
Split out documentation into separate -doc sub-package
(#2128276) Please port your pcre dependency to pcre2
Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
(#2136977) not requires data(clamav) on clamav-libs
(#2023371) Add documentation to preserve user permissions of DatabaseOwner

ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

clamav-0.103.8-3.fc36

FEDORA-2023-3ba365d538

Packages in this update:

clamav-0.103.8-3.fc36

Update description:

Fix daily.cvd file
Split out documentation into separate -doc sub-package
(#2128276) Please port your pcre dependency to pcre2
Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
(#2136977) not requires data(clamav) on clamav-libs
(#2023371) Add documentation to preserve user permissions of DatabaseOwner

ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2021-33621: A Critical Security Vulnerability in Ruby’s CGI

A critical security vulnerability, known as CVE-2021-33621, has been discovered in Ruby’s Common Gateway Interface (CGI) that could potentially put millions of users at risk. In this article, we’ll explore what CVE-2021-33621 is, what it affects, its CVSS score, and how you can protect yourself from it.

What is CVE-2021-33621?

CVE-2021-33621 is a security vulnerability in Ruby’s CGI that allows HTTP header injection and response splitting. This vulnerability could potentially be exploited by attackers to perform cross-site scripting (XSS) attacks, steal sensitive data, or execute arbitrary code on a user’s system.

What does CVE-2021-33621 affect?

According to the Ruby vendor’s website, the vulnerability affects applications that use the CGI module and are running the following versions:

  • cgi gem 0.3.3 or earlier
  • cgi gem 0.2.1 or earlier
  • cgi gem 0.1.1, 0.1.0.1, or 0.1.0

CVSS Score: The CVSS score for CVE-2021-33621 is 9.8, indicating that it is a critical vulnerability that requires immediate attention.

References: You can find more information about CVE-2021-33621 on the MITRE website (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33621) and the software vendor’s website.

How can you protect yourself from CVE-2021-33621?

To protect yourself from this vulnerability, it is recommended that you review your code to ensure that untrusted input is not being passed to any CGI functions. It is also recommended that you upgrade to a patched version of Ruby as soon as possible. You can find more information about the vulnerability and the patches on the MITRE website and the Ruby vendor’s website.
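As an added illustration of the code review the paragraph above recommends (example code written for this page, not from the article or from Ruby's cgi gem; the helper names are hypothetical): a redirect header built from an untrusted parameter, first without validation and then with a CR/LF check applied before the value reaches the header line.

```ruby
# Added example, not part of the original article or of the cgi gem.
# Header injection / response splitting works because a CR or LF inside a
# header value ends the current header line, so whatever follows is parsed
# as additional headers or as the response body. The fix is to make sure
# untrusted input never reaches header-building code unchecked.

CRLF_PATTERN = /[\r\n]/.freeze

# Vulnerable pattern: the untrusted value is interpolated straight into the
# Location header line. A value containing "\r\n" splits the response.
def build_redirect_unsafe(target)
  "Status: 302 Found\r\nLocation: #{target}\r\n\r\n"
end

# Hardened pattern: refuse any value carrying CR or LF before it is used.
# (Hypothetical helper; a real application would also validate the target.)
def safe_header_value(value)
  raise ArgumentError, "header value contains CR/LF" if value.match?(CRLF_PATTERN)
  value
end

def build_redirect_safe(target)
  "Status: 302 Found\r\nLocation: #{safe_header_value(target)}\r\n\r\n"
end

# Count the header lines a client would see (everything before the blank
# line). A split response shows more headers than the code intended to send.
def header_count(response)
  head, _body = response.split("\r\n\r\n", 2)
  head.split("\r\n").size
end

# Constructed sample input: a parameter value with an embedded CRLF sequence.
CONSTRUCTED_BAD_TARGET = "/home\r\nX-Injected: yes"

if __FILE__ == $PROGRAM_NAME
  puts "unsafe builder emitted #{header_count(build_redirect_unsafe(CONSTRUCTED_BAD_TARGET))} header lines"
  begin
    build_redirect_safe(CONSTRUCTED_BAD_TARGET)
  rescue ArgumentError => e
    puts "safe builder rejected the value: #{e.message}"
  end
end
```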