Read Time:1 Second
Post Content
Yearly Archives: 2024
DSA-5599-1 phpseclib – security update
Read Time:26 Second
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the
SSH protocol is prone to a prefix truncation attack, known as the
“Terrapin attack”. This attack allows a MITM attacker to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
DSA-5600-1 php-phpseclib – security update
Read Time:26 Second
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the
SSH protocol is prone to a prefix truncation attack, known as the
“Terrapin attack”. This attack allows a MITM attacker to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
DSA-5601-1 php-phpseclib3 – security update
Read Time:26 Second
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the
SSH protocol is prone to a prefix truncation attack, known as the
“Terrapin attack”. This attack allows a MITM attacker to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
python39-jinja2-epel-3.1.3-1.el8.1
Read Time:8 Second
FEDORA-EPEL-2024-0ffe88f330
Packages in this update:
python39-jinja2-epel-3.1.3-1.el8.1
Update description:
Security fix for CVE-2024-22195
python-jinja2-3.1.3-1.fc39
Read Time:7 Second
FEDORA-2024-6026572e7d
Packages in this update:
python-jinja2-3.1.3-1.fc39
Update description:
Security fix for CVE-2024-22195
python-jinja2-3.1.3-1.fc38
Read Time:7 Second
FEDORA-2024-604e4c3509
Packages in this update:
python-jinja2-3.1.3-1.fc38
Update description:
Security fix for CVE-2024-22195
USN-6579-1: Xerces-C++ vulnerability
Read Time:18 Second
It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code.
USN-6560-2: OpenSSH vulnerabilities
Read Time:38 Second
USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue. (CVE-2023-48795)
It was discovered that OpenSSH incorrectly handled user names or host names
with shell metacharacters. An attacker could possibly use this issue to
perform OS command injection. This only affected Ubuntu 18.04 LTS. (CVE-2023-51385)
USN-6578-1: .NET vulnerabilities
Read Time:19 Second
Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an application’s typical
authentication logic.
(CVE-2024-0057)
Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)