Daily Archives: February 14, 2024

Advisories

Wyrestorm Apollo VX20 / Incorrect Access Control – DoS / CVE-2024-25736

Read Time:21 Second

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_DOS_CVE-2024-25736.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Incorrect Access Control (DOS)

[Affected Product Code Base]
APOLLO VX20 < 1.3.58, fixed in v1.3.58

[Affected…

Read More

Advisories

IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318

Read Time:20 Second

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/IBMI_ACCESS_CLIENT_REMOTE_CREDENTIAL_THEFT_CVE-2024-22318.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.ibm.com

[Product]
IBM i Access Client Solutions

[Versions]
All

[Remediation/Fixes]
None

[Vulnerability Type]
Remote Credential Theft

[CVE Reference]
CVE-2024-22318

[Security Issue]
IBM i…

Read More

Advisories

USN-6629-1: UltraJSON vulnerabilities

Read Time:28 Second

It was discovered that UltraJSON incorrectly handled certain input with
a large amount of indentation. An attacker could possibly use this issue
to crash the program, resulting in a denial of service. (CVE-2021-45958)

Jake Miller discovered that UltraJSON incorrectly decoded certain
characters. An attacker could possibly use this issue to cause key
confusion and overwrite values in dictionaries. (CVE-2022-31116)

It was discovered that UltraJSON incorrectly handled an error when
reallocating a buffer for string decoding. An attacker could possibly
use this issue to corrupt memory. (CVE-2022-31117)

Read More

Advisories

rust-ansitok-0.2.0-4.el9 rust-bat-0.24.0-2.el9 rust-cargo-c-0.9.27-4.el9 rust-eza-0.17.3-2.el9 rust-git-delta-0.16.5-9.el9 rust-git2-0.18.2-1.el9 rust-libgit2-sys-0.16.2-1.el9 rust-pore-0.1.10-3.el9 rust-shadow-rs-0.8.1-8.el9 rust-strip-ansi-escapes-0.2.0-2.el9 rust-vergen-5.1.17-8.el9 rust-vt100-0.15.2-2.el9 rust-vte-0.13.0-1.el9

Read Time:54 Second

FEDORA-EPEL-2024-2de74966ef

Packages in this update:

rust-ansitok-0.2.0-4.el9
rust-bat-0.24.0-2.el9
rust-cargo-c-0.9.27-4.el9
rust-eza-0.17.3-2.el9
rust-git2-0.18.2-1.el9
rust-git-delta-0.16.5-9.el9
rust-libgit2-sys-0.16.2-1.el9
rust-pore-0.1.10-3.el9
rust-shadow-rs-0.8.1-8.el9
rust-strip-ansi-escapes-0.2.0-2.el9
rust-vergen-5.1.17-8.el9
rust-vt100-0.15.2-2.el9
rust-vte-0.13.0-1.el9

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

Read More

Advisories

rust-asyncgit-0.24.3-3.fc38 rust-bat-0.24.0-3.fc38 rust-cargo-c-0.9.28-4.fc38 rust-eza-0.17.3-2.fc38 rust-git-absorb-0.6.11-3.fc38 rust-git-delta-0.16.5-9.fc38 rust-git2-0.18.2-1.fc38 rust-gitui-0.24.3-4.fc38 rust-libgit2-sys-0.16.2-1.fc38 rust-lsd-1.0.0-3.fc38 rust-pore-0.1.10-3.fc38 rust-pretty-git-prompt-0.2.1-20.fc38 rust-shadow-rs-0.8.1-8.fc38 rust-silver-2.0.1-7.fc38 rust-tokei-12.1.2-8.fc38 rust-vergen-5.1.17-8.fc38

Read Time:1 Minute, 0 Second

FEDORA-2024-993d3a78dd

Packages in this update:

rust-asyncgit-0.24.3-3.fc38
rust-bat-0.24.0-3.fc38
rust-cargo-c-0.9.28-4.fc38
rust-eza-0.17.3-2.fc38
rust-git2-0.18.2-1.fc38
rust-git-absorb-0.6.11-3.fc38
rust-git-delta-0.16.5-9.fc38
rust-gitui-0.24.3-4.fc38
rust-libgit2-sys-0.16.2-1.fc38
rust-lsd-1.0.0-3.fc38
rust-pore-0.1.10-3.fc38
rust-pretty-git-prompt-0.2.1-20.fc38
rust-shadow-rs-0.8.1-8.fc38
rust-silver-2.0.1-7.fc38
rust-tokei-12.1.2-8.fc38
rust-vergen-5.1.17-8.fc38

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

Read More

Advisories

rust-asyncgit-0.24.3-3.fc39 rust-bat-0.24.0-3.fc39 rust-cargo-c-0.9.28-4.fc39 rust-eza-0.17.3-2.fc39 rust-git-absorb-0.6.11-3.fc39 rust-git-delta-0.16.5-9.fc39 rust-git2-0.18.2-1.fc39 rust-gitui-0.24.3-4.fc39 rust-libgit2-sys-0.16.2-1.fc39 rust-lsd-1.0.0-3.fc39 rust-pore-0.1.10-3.fc39 rust-pretty-git-prompt-0.2.1-20.fc39 rust-shadow-rs-0.8.1-8.fc39 rust-silver-2.0.1-7.fc39 rust-tokei-12.1.2-8.fc39 rust-vergen-5.1.17-8.fc39

Read Time:1 Minute, 0 Second

FEDORA-2024-8ba389815f

Packages in this update:

rust-asyncgit-0.24.3-3.fc39
rust-bat-0.24.0-3.fc39
rust-cargo-c-0.9.28-4.fc39
rust-eza-0.17.3-2.fc39
rust-git2-0.18.2-1.fc39
rust-git-absorb-0.6.11-3.fc39
rust-git-delta-0.16.5-9.fc39
rust-gitui-0.24.3-4.fc39
rust-libgit2-sys-0.16.2-1.fc39
rust-lsd-1.0.0-3.fc39
rust-pore-0.1.10-3.fc39
rust-pretty-git-prompt-0.2.1-20.fc39
rust-shadow-rs-0.8.1-8.fc39
rust-silver-2.0.1-7.fc39
rust-tokei-12.1.2-8.fc39
rust-vergen-5.1.17-8.fc39

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

Read More

Advisories

rust-asyncgit-0.24.3-3.fc40 rust-bat-0.24.0-3.fc40 rust-cargo-c-0.9.28-4.fc40 rust-eza-0.17.3-2.fc40 rust-git-absorb-0.6.11-3.fc40 rust-git-delta-0.16.5-9.fc40 rust-git2-0.18.2-1.fc40 rust-gitui-0.24.3-4.fc40 rust-libgit2-sys-0.16.2-1.fc40 rust-lsd-1.0.0-3.fc40 rust-pore-0.1.10-3.fc40 rust-pretty-git-prompt-0.2.1-20.fc40 rust-shadow-rs-0.8.1-8.fc40 rust-silver-2.0.1-7.fc40 rust-tokei-12.1.2-8.fc40 rust-vergen-5.1.17-8.fc40

Read Time:1 Minute, 0 Second

FEDORA-2024-53685bdcb6

Packages in this update:

rust-asyncgit-0.24.3-3.fc40
rust-bat-0.24.0-3.fc40
rust-cargo-c-0.9.28-4.fc40
rust-eza-0.17.3-2.fc40
rust-git2-0.18.2-1.fc40
rust-git-absorb-0.6.11-3.fc40
rust-git-delta-0.16.5-9.fc40
rust-gitui-0.24.3-4.fc40
rust-libgit2-sys-0.16.2-1.fc40
rust-lsd-1.0.0-3.fc40
rust-pore-0.1.10-3.fc40
rust-pretty-git-prompt-0.2.1-20.fc40
rust-shadow-rs-0.8.1-8.fc40
rust-silver-2.0.1-7.fc40
rust-tokei-12.1.2-8.fc40
rust-vergen-5.1.17-8.fc40

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

Read More

Advisories

rust-asyncgit-0.24.3-3.fc41 rust-bat-0.24.0-3.fc41 rust-cargo-c-0.9.28-4.fc41 rust-eza-0.17.3-2.fc41 rust-git-absorb-0.6.11-3.fc41 rust-git-delta-0.16.5-9.fc41 rust-git2-0.18.2-1.fc41 rust-gitui-0.24.3-4.fc41 rust-libgit2-sys-0.16.2-1.fc41 rust-lsd-1.0.0-3.fc41 rust-pore-0.1.10-3.fc41 rust-pretty-git-prompt-0.2.1-20.fc41 rust-shadow-rs-0.8.1-8.fc41 rust-silver-2.0.1-7.fc41 rust-tokei-12.1.2-8.fc41 rust-vergen-5.1.17-8.fc41

Read Time:1 Minute, 0 Second

FEDORA-2024-401f10a92f

Packages in this update:

rust-asyncgit-0.24.3-3.fc41
rust-bat-0.24.0-3.fc41
rust-cargo-c-0.9.28-4.fc41
rust-eza-0.17.3-2.fc41
rust-git2-0.18.2-1.fc41
rust-git-absorb-0.6.11-3.fc41
rust-git-delta-0.16.5-9.fc41
rust-gitui-0.24.3-4.fc41
rust-libgit2-sys-0.16.2-1.fc41
rust-lsd-1.0.0-3.fc41
rust-pore-0.1.10-3.fc41
rust-pretty-git-prompt-0.2.1-20.fc41
rust-shadow-rs-0.8.1-8.fc41
rust-silver-2.0.1-7.fc41
rust-tokei-12.1.2-8.fc41
rust-vergen-5.1.17-8.fc41

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

Read More