Read Time:8 Second
FEDORA-EPEL-2024-0ffe88f330
Packages in this update:
python39-jinja2-epel-3.1.3-1.el8.1
Update description:
Security fix for CVE-2024-22195
Daily Archives: January 11, 2024
python-jinja2-3.1.3-1.fc39
Read Time:7 Second
FEDORA-2024-6026572e7d
Packages in this update:
python-jinja2-3.1.3-1.fc39
Update description:
Security fix for CVE-2024-22195
python-jinja2-3.1.3-1.fc38
Read Time:7 Second
FEDORA-2024-604e4c3509
Packages in this update:
python-jinja2-3.1.3-1.fc38
Update description:
Security fix for CVE-2024-22195
USN-6579-1: Xerces-C++ vulnerability
Read Time:18 Second
It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code.
USN-6560-2: OpenSSH vulnerabilities
Read Time:38 Second
USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue. (CVE-2023-48795)
It was discovered that OpenSSH incorrectly handled user names or host names
with shell metacharacters. An attacker could possibly use this issue to
perform OS command injection. This only affected Ubuntu 18.04 LTS. (CVE-2023-51385)
USN-6578-1: .NET vulnerabilities
Read Time:19 Second
Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an application’s typical
authentication logic.
(CVE-2024-0057)
Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)
CIS Benchmarks January 2024 Update
Read Time:6 Second
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for January 2024.
1.3 Million FNF Customers’ Data Potentially Exposed in Ransomware Attack
Read Time:7 Second
Fidelity National Financial revealed that the ransomware attack last year potentially impacted 1.3 million customers data in an updated SEC filing
Mandiant’s X Account Was Hacked in Brute-Force Password Attack
Read Time:5 Second
Mandiant has shared its findings following X account hijacking, firm blames misconfigured 2FA and X’s policy change
Pharmacies Giving Patient Records to Police without Warrants
Read Time:6 Second
Add pharmacies to the list of industries that are giving private data to the police without a warrant.