FEDORA-EPEL-2024-0ffe88f330
Packages in this update:
python39-jinja2-epel-3.1.3-1.el8.1
Update description:
Security fix for CVE-2024-22195
python39-jinja2-epel-3.1.3-1.el8.1
Security fix for CVE-2024-22195
python-jinja2-3.1.3-1.fc39
Security fix for CVE-2024-22195
python-jinja2-3.1.3-1.fc38
Security fix for CVE-2024-22195
It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code.
USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. A remote attacker able
to intercept SSH communications could strip messages from the start of the
encrypted session, including the extension negotiation message, without
detection, possibly leading to certain algorithms and features being
downgraded. This issue is known as the Terrapin attack. This update adds
protocol extensions (strict key exchange) to mitigate this issue; the
mitigation only takes effect when both the client and the server support it,
so peers must be updated as well. (CVE-2023-48795)
It was discovered that OpenSSH incorrectly handled user names or host names
containing shell metacharacters when expanding them into ProxyCommand and
LocalCommand directives. An attacker who could supply such a host name (for
example through an untrusted repository's submodule configuration) could
possibly use this issue to perform OS command injection. This only affected
Ubuntu 18.04 LTS. (CVE-2023-51385)
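To show what the CVE-2023-51385 fix has to guard against, here is an added example, written for this page and not taken from OpenSSH: a percent-expansion routine in the style of ProxyCommand's %h/%r/%p handling, shown unguarded beside a hardened wrapper that refuses host and user names a shell would interpret. The deny-list is this editor's approximation of the character checks the fix introduces, not OpenSSH's code, and the template and host names are constructed.

```python
# Assumption: approximation of the metacharacter deny-list used by the OpenSSH fix,
# not its actual code. Whitespace, control characters and a leading '-' are also refused.
SHELL_META = set("'`\"$\\;&<>|(){}")


def valid_token(value):
    """True if a host or user name can be expanded into a shell command verbatim."""
    if not value or value.startswith("-"):
        return False
    return not any(c in SHELL_META or c.isspace() or ord(c) < 32 for c in value)


def expand_proxy_command(template, host, user, port=22):
    """ssh-style percent expansion of ProxyCommand (%h host, %r remote user, %p port).
    The result is handed to `sh -c`, so an unchecked host name becomes shell input."""
    return (template.replace("%%", "\0").replace("%h", host).replace("%r", user)
            .replace("%p", str(port)).replace("\0", "%"))


def safe_expand_proxy_command(template, host, user, port=22):
    """Hardened form: validate the untrusted values before any expansion happens."""
    if not valid_token(host):
        raise ValueError(f"refusing to expand host name {host!r}")
    if not valid_token(user):
        raise ValueError(f"refusing to expand user name {user!r}")
    return expand_proxy_command(template, host, user, port)


# Constructed ProxyCommand template, as one might find in ~/.ssh/config.
TEMPLATE = "ssh -W %h:%p -l %r jump.example.com"

if __name__ == "__main__":
    print(expand_proxy_command(TEMPLATE, "git.example.com", "git"))
    # Unguarded expansion: the backticks survive into the command line sh -c will run.
    print(expand_proxy_command(TEMPLATE, "`id`.example.com", "git"))
    try:
        safe_expand_proxy_command(TEMPLATE, "`id`.example.com", "git")
    except ValueError as e:
        print("hardened:", e)
```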
Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an application’s typical
authentication logic.
(CVE-2024-0057)
Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for January 2024.
Fidelity National Financial revealed in an updated SEC filing that last year's ransomware attack potentially impacted the data of 1.3 million customers.
Mandiant has shared its findings following the hijacking of its X account; the firm blames misconfigured 2FA and a policy change at X.
Add pharmacies to the list of industries that are giving private data to the police without a warrant.