USN-6050-2: Git vulnerabilities

Read Time:24 Second

USN-6050-1 fixed several vulnerabilities in Git. This update provides
the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on
Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwrite paths.
(CVE-2023-25652)

André Baptista and Vítor Pinho discovered that Git incorrectly handled
certain configurations. An attacker could possibly use this issue
to achieve arbitrary configuration injection. (CVE-2023-29007)

USN-7199-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application...

January 13, 2025

ZDI-25-027: (Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to...

January 12, 2025

stb-0-0.50.20241002git31707d1.el8

FEDORA-EPEL-2025-f5725d94b3 Packages in this update: stb-0-0.50.20241002git31707d1.el8 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 11, 2025

DSA-5842-1 openafs – security update

Several vulnerabilities were discovered in OpenAFS, an implementation of the AFS distributed filesystem, which may result in theft of credentials...

January 11, 2025

USN-7169-5: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

January 10, 2025

stb-0^20241002git31707d1-4.el9

FEDORA-EPEL-2025-75d8605b8c Packages in this update: stb-0^20241002git31707d1-4.el9 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...

January 10, 2025

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know