Hugo van Kemenade discovered that Pillow was not properly performing
bounds checks when processing an ICC file, which could lead to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ICC file, an attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
Daily Archives: April 22, 2024
NCSC Announces PwC’s Richard Horne as New CEO
The UK’s National Cyber Security Centre will see Richard Horne take over as its new boss in the autumn
sssd-2.9.4-7.fc41
FEDORA-2024-4e850a0f86
Packages in this update:
sssd-2.9.4-7.fc41
Update description:
Automatic update for sssd-2.9.4-7.fc41.
Changelog
* Fri Apr 19 2024 Pavel Březina <pbrezina@redhat.com> - 2.9.4-7
- Fix CVE-2023-3758 (rhbz#2275905)
MITRE Reveals Ivanti Breach By Nation State Actor
Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days
sssd-2.9.4-7.fc40
FEDORA-2024-3798818c82
Packages in this update:
sssd-2.9.4-7.fc40
Update description:
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
sssd-2.9.4-2.fc39
FEDORA-2024-78240de990
Packages in this update:
sssd-2.9.4-2.fc39
Update description:
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
sssd-2.9.4-2.fc38
FEDORA-2024-44602bead8
Packages in this update:
sssd-2.9.4-2.fc38
Update description:
Fix CVE-2023-3758 https://bugzilla.redhat.com/show_bug.cgi?id=2275905
ZDI-24-369: Google cAdvisor REST API Improper Access Control Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Google cAdvisor. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3.
nextcloud-28.0.3-1.fc38
FEDORA-2024-c27e97ca79
Packages in this update:
nextcloud-28.0.3-1.fc38
Update description:
update to 28.0.3
fix CVE-2024-22403
DSA-5672-1 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.