Read Time:55 Second

FEDORA-EPEL-2023-2455ae47ae

Packages in this update:

godot-3.1.2-2.el7

Update description:

Backports some fixes to reported security vulnerabilities in Godot’s TGA loader, and the tinyexr dependency.

CVE-2021-26825 – An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

CVE-2021-26826 – A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

CVE-2022-38529 – tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress.

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet

godot-3.1.2-2.el7

FEDORA-EPEL-2023-2455ae47ae

Packages in this update:

Update description:

USN-6992-2: Firefox regressions

GLSA 202409-07: Rust: Multiple Vulnerabilities

GLSA 202409-06: file: Stack Buffer Overread

GLSA 202409-05: PJSIP: Heap Buffer Overflow

GLSA 202409-04: calibre: Multiple Vulnerabilities

GLSA 202409-03: GPL Ghostscript: Multiple Vulnerabilities