USN-6675-1: ImageProcessing vulnerability

Read Time:13 Second

It was discovered that ImageProcessing incorrectly handled series of operations
that are coming from unsanitised inputs. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to execute arbitrary code.

Read More

python-fastapi-0.99.0-7.fc38 python-multipart-0.0.7-1.fc38

Read Time:20 Second

FEDORA-2024-09c7f715c9

Packages in this update:

python-fastapi-0.99.0-7.fc38
python-multipart-0.0.7-1.fc38

Update description:

python-multipart 0.0.7 (2024-02-03)

Refactor header option parser to use the standard library instead of a custom RegEx #75.

Fixes a denial of service vulnerability, GHSA-qf9m-vfgh-m389, initially reported in FastAPI but applicable to other libraries and applications.

Read More

python-fastapi-0.103.0-10.fc39 python-multipart-0.0.7-1.fc39

Read Time:20 Second

FEDORA-2024-2e802cdb4b

Packages in this update:

python-fastapi-0.103.0-10.fc39
python-multipart-0.0.7-1.fc39

Update description:

python-multipart 0.0.7 (2024-02-03)

Refactor header option parser to use the standard library instead of a custom RegEx #75.

Fixes a denial of service vulnerability, GHSA-qf9m-vfgh-m389, initially reported in FastAPI but applicable to other libraries and applications.

Read More

The Insecurity of Video Doorbells

Read Time:19 Second

Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible.

First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals.

[…]

Anyone who can physically access one of the doorbells can take over the device—no tools or fancy hacking skills needed.

Read More