Yair Zak discovered that Docker could unexpectedly forward DNS requests
from internal networks in an unexpected manner. An attacker could possibly
use this issue to exfiltrate data by encoding information in DNS queries
to controlled nameservers. This issue was only addressed in
Ubuntu 24.04 LTS. (CVE-2024-29018)
Cory Snider discovered that Docker did not properly handle authorization
plugin request processing. An attacker could possibly use this issue to
bypass authorization controls by forwarding API requests without their
full body, leading to unauthorized actions. (CVE-2024-41110)
More Stories
incus-6.8-1.fc41
FEDORA-2024-0912cd3ad9 Packages in this update: incus-6.8-1.fc41 Update description: Update to 6.8 to get various features and fixes Read More
USN-7177-1: YARA vulnerability
It was discovered that YARA did not properly sanitize its configuration settings. An attacker could potentially exploit this issue to...
USN-7169-2: Linux kernel (GCP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
age-1.2.1-1.fc41
FEDORA-2024-4f08c1a90a Packages in this update: age-1.2.1-1.fc41 Update description: Update to 1.2.1 to fix https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c security issue. Read More
USN-7172-1: libvpx vulnerability
It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a...
USN-7176-1: GStreamer Good Plugins vulnerabilities
Antonio Morales discovered that GStreamer Good Plugins incorrectly handled certain malformed media files. An attacker could use these issues to...