USN-6661-1: OpenJDK 17 vulnerabilities

February 27, 2024

Read Time:1 Minute, 6 Second

Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)

It was discovered that the Hotspot component of OpenJDK 17 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)

It was discovered that the Hotspot component of OpenJDK 17 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)

Yakov Shafranovich discovered that OpenJDK 17 incorrectly handled ZIP
archives that have file and directory entries with the same name. An
attacker could possibly use this issue to bypass Java sandbox
restrictions. (CVE-2024-20932)

It was discovered that OpenJDK 17 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)

Hubert Kario discovered that the TLS implementation in OpenJDK 17 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)

Advisories

suricata-6.0.16-1.fc38

February 27, 2024

Read Time:10 Second

FEDORA-2024-7b063bce0a

Packages in this update:

suricata-6.0.16-1.fc38

Update description:

This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568.

Advisories

suricata-6.0.16-1.fc39

February 27, 2024

Read Time:10 Second

FEDORA-2024-bd4eed8466

Packages in this update:

suricata-6.0.16-1.fc39

Update description:

This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568.

Advisories

suricata-6.0.16-1.el8

February 27, 2024

Read Time:10 Second

FEDORA-EPEL-2024-5d281b1780

Packages in this update:

suricata-6.0.16-1.el8

Update description:

This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568.

Advisories

suricata-6.0.16-1.el9

February 27, 2024

Read Time:10 Second

FEDORA-EPEL-2024-ad53379349

Packages in this update:

suricata-6.0.16-1.el9

Update description:

This update fixes: CVE-2024-23835, CVE-2024-23836, CVE-2024-23837, CVE-2024-23839, CVE-2024-24568.

Advisories

DSA-5633-1 knot-resolver – security update

February 27, 2024

Read Time:11 Second

It was discovered that malformed DNSSEC records within a DNS zone could
result in denial of service against Knot Resolver, a caching, DNSSEC-
validating DNS resolver.

https://security-tracker.debian.org/tracker/DSA-5633-1

Advisories

USN-6659-1: libde265 vulnerabilities

February 26, 2024

Read Time:49 Second

It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-43244, CVE-2022-43249,
CVE-2022-43250, CVE-2022-47665, CVE-2023-25221)

It was discovered that libde265 could be made to read out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2022-43245)

It was discovered that libde265 could be made to dereference invalid
memory. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. (CVE-2023-24751, CVE-2023-24752, CVE-2023-24754,
CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758)

News

Booking.com refund request? It might be an Agent Tesla malware attack

February 26, 2024

Read Time:13 Second

Always be wary of opening unsolicited attachments – they might harbour malware.

That’s a message that is being strongly underlined once again, following the discovery of a cybercrime campaign that is sending out poisoned PDF files – pretending they are associated with hotel reservations.

News

White House Urges Tech Industry to Eliminate Memory Safety Vulnerabilities

February 26, 2024

Read Time:8 Second

A new White House report has urged software and hardware developers to adopt memory safe programming languages, and eliminate one of the most pervasive classes of bugs

News

CISA Issues Alert on APT29’s Cloud Infiltration Tactics

February 26, 2024

Read Time:7 Second

Known as Midnight Blizzard, the Dukes or Cozy Bear, the group has been identified as a Russian entity likely operating under the SVR

Cyber Security News

Monthly Archives: February 2024

USN-6661-1: OpenJDK 17 vulnerabilities

suricata-6.0.16-1.fc38

FEDORA-2024-7b063bce0a

Packages in this update:

Update description:

suricata-6.0.16-1.fc39

FEDORA-2024-bd4eed8466

Packages in this update:

Update description:

suricata-6.0.16-1.el8

FEDORA-EPEL-2024-5d281b1780

Packages in this update:

Update description:

suricata-6.0.16-1.el9

FEDORA-EPEL-2024-ad53379349

Packages in this update:

Update description:

DSA-5633-1 knot-resolver – security update

USN-6659-1: libde265 vulnerabilities

Booking.com refund request? It might be an Agent Tesla malware attack

White House Urges Tech Industry to Eliminate Memory Safety Vulnerabilities

CISA Issues Alert on APT29’s Cloud Infiltration Tactics

News, Advisories and much more