Read Time:5 Second
The US government is taking TikTok to court for alleged violations of the COPPA regulation
Monthly Archives: August 2024
vim-9.1.660-1.fc39
Read Time:9 Second
FEDORA-2024-5e87ad4678
Packages in this update:
vim-9.1.660-1.fc39
Update description:
The newest upstream commit
Security fixes for CVE-2024-41957, CVE-2024-41965
vim-9.1.660-1.fc40
Read Time:9 Second
FEDORA-2024-fe5420ed3f
Packages in this update:
vim-9.1.660-1.fc40
Update description:
The newest upstream commit
Security fixes for CVE-2024-41965, CVE-2024-41957
APT Group StormBamboo Attacks ISP Customers Via DNS Poisoning
Read Time:5 Second
Volexity claims the StormBamboo group compromised an ISP to push malicious software updates to customers
roundcubemail-1.6.8-1.fc40
Read Time:1 Minute, 0 Second
FEDORA-2024-2e908e829a
Packages in this update:
roundcubemail-1.6.8-1.fc40
Update description:
Version 1.6.8
Managesieve: Protect special scripts in managesieve_kolab_master mode
Fix newmail_notifier notification focus in Chrome (#9467)
Fix fatal error when parsing some TNEF attachments (#9462)
Fix double scrollbar when composing a mail with many plain text lines (#7760)
Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
Fix bug where “with attachment” filter could fail on some fts engines (#9514)
Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
Fix bug where a long subject title could not be displayed in some cases (#9416)
Fix infinite loop when parsing malformed Sieve script (#9562)
Fix bug where imap_conn_option’s ‘socket’ was ignored (#9566)
Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010
roundcubemail-1.6.8-1.fc39
Read Time:1 Minute, 0 Second
FEDORA-2024-b60eb661a4
Packages in this update:
roundcubemail-1.6.8-1.fc39
Update description:
Version 1.6.8
Managesieve: Protect special scripts in managesieve_kolab_master mode
Fix newmail_notifier notification focus in Chrome (#9467)
Fix fatal error when parsing some TNEF attachments (#9462)
Fix double scrollbar when composing a mail with many plain text lines (#7760)
Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
Fix bug where “with attachment” filter could fail on some fts engines (#9514)
Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
Fix bug where a long subject title could not be displayed in some cases (#9416)
Fix infinite loop when parsing malformed Sieve script (#9562)
Fix bug where imap_conn_option’s ‘socket’ was ignored (#9566)
Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010
roundcubemail-1.5.8-1.el9
Read Time:22 Second
FEDORA-EPEL-2024-1b8e0ad5c2
Packages in this update:
roundcubemail-1.5.8-1.el9
Update description:
Version 1.5.8
Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010
Fix so install/update scripts do not require PEAR (#9037)
ZDI-24-1077: (0Day) (Pwn2Own) oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability
Read Time:12 Second
This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-7537.
ZDI-24-1078: (0Day) (Pwn2Own) oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7538.
ZDI-24-1079: (0Day) (Pwn2Own) oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7539.