rust-below-0.9.0-1.el8

FEDORA-EPEL-2025-ae12e02519

Packages in this update:

rust-below-0.9.0-1.el8

Update description:

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

https://www.cve.org/CVERecord?id=CVE-2025-27591
https://github.com/facebookincubator/below/security/advisories/GHSA-9mc5-7qhg-fp3w
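
A check for the condition described above (a world-writable log directory, and symlinks inside it), as an added example that is not part of the advisory or of the Below project. The function name, return codes and output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the advisory or the Below project.
# audit_log_dir DIR prints one line per finding and returns:
#   0 = no findings, 1 = at least one finding, 2 = DIR cannot be audited
# Usage: audit_log_dir /var/log/below

audit_log_dir() (   # body runs in a subshell, so variables stay local
    dir=$1
    findings=0

    # A log directory that is itself a symlink is reported, not followed.
    if [ -L "$dir" ]; then
        echo "FINDING: $dir is a symlink to $(readlink "$dir")"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir is not a directory"
        return 2
    fi

    # -perm -0002 matches when the write bit for "other" is set.
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "FINDING: $dir is world-writable: $(ls -ld "$dir")"
        findings=1
    fi

    # A symlink here redirects whatever a privileged writer does to the
    # log file onto the link target, so list every link and its target.
    links=$(find "$dir" -type l)
    if [ -n "$links" ]; then
        findings=1
        printf '%s\n' "$links" | while IFS= read -r link; do
            echo "FINDING: symlink $link -> $(readlink "$link")"
        done
    fi

    return "$findings"
)
```

A return code of 0 only means neither condition is present at the time of the check; the update to v0.9.0 named in the advisory is still the fix.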

DSA-5893-1 tomcat10 – security update

A security vulnerability was found in Tomcat 10, a Java-based web server and
servlet engine. A malicious user was able to view security sensitive files
and/or inject content into those files when writes were enabled for the default
servlet (disabled by default) and support for partial PUT was enabled
(default). Under certain circumstances, depending on the application in use,
remote code execution may have been possible.

https://security-tracker.debian.org/tracker/DSA-5893-1

DSA-5894-1 jetty9 – security update

Jetty 9 is a Java-based web server and servlet engine. Several security
vulnerabilities have been discovered which may allow remote attackers to cause
a denial of service by repeatedly sending crafted requests which can trigger
OutOfMemory errors and exhaust the server’s memory.

CVE-2024-6762: In addition, PushSessionCacheFilter and PushCacheFilter have been
deprecated. These classes should no longer be used in a production environment.

https://security-tracker.debian.org/tracker/DSA-5894-1
