FEDORA-2024-82a696ca59
Packages in this update:
python3.12-3.12.8-1.fc40
python3-docs-3.12.8-1.fc40
Update description:
Update to 3.12.8
python3.13-3.13.1-1.fc42
Automatic update for python3.13-3.13.1-1.fc42.
* Tue Dec 3 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.13.1-1
- Update to 3.13.1
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321657
python3.12-3.12.8-1.fc41
Update to 3.12.8
python3.12-3.12.8-1.fc42
Automatic update for python3.12-3.12.8-1.fc42.
* Tue Dec 3 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.8-1
- Update to 3.12.8
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321656
It was discovered that recutils incorrectly handled memory when parsing
comments with the recparser utility. An attacker could possibly use this
issue to cause a denial of service or run arbitrary commands.
(CVE-2021-46019, CVE-2021-46021, CVE-2021-46022)
It was discovered that recutils incorrectly handled memory when parsing CSV
files. An attacker could possibly use this issue to cause a denial of
service or run arbitrary commands. (CVE-2019-11637, CVE-2019-11638,
CVE-2019-11639, CVE-2019-11640)
It was discovered that recutils incorrectly handled memory when parsing
maliciously crafted recfiles. An attacker could possibly use this issue to
cause a denial of service. (CVE-2019-6455, CVE-2019-6456, CVE-2019-6457,
CVE-2019-6458, CVE-2019-6459, CVE-2019-6460)
USN-7136-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
jiangniao discovered that Django incorrectly handled the API to strip
tags. A remote attacker could possibly use this issue to cause Django to
consume resources, leading to a denial of service. (CVE-2024-53907)
Seokchan Yoon discovered that Django incorrectly handled HasKey lookups
when using Oracle. A remote attacker could possibly use this issue to
inject arbitrary SQL code. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2024-53908)
Wotnot, an Indian AI startup that helps businesses build custom chatbots, has leaked almost 350,000 sensitive files after the data was left unsecured on the web.
Read more in my article on the Hot for Security blog.
Ransomware attacks cost manufacturing $17bn in downtime since 2018, with $1.9m daily losses, according to Comparitech.
In a settlement announced on Tuesday, the FTC banned Gravy Analytics and Mobilewalla from selling sensitive location data.