USN-5825-2: PAM regressions

Read Time:18 Second

USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was
incomplete and could introduce a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that PAM did not correctly restrict login from an IP
address that is not resolvable via DNS. An attacker could possibly use this
issue to bypass authentication.

WP Engine Reprieve

I’ve heard from WP Engine customers that they are frustrated that WP Engine hasn’t been able to make updates, plugin...

September 27, 2024

aws-2020-12.1.fc39

FEDORA-2024-d940f25a53 Packages in this update: aws-2020-12.1.fc39 Update description: CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number...

September 27, 2024

aws-2020-16.1.fc40

FEDORA-2024-63f98f8c60 Packages in this update: aws-2020-16.1.fc40 Update description: CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number...

September 27, 2024

Ivanti Virtual Traffic Manager (vTM ) Authentication Bypass Vulnerability (CVE-2024-7593)

What is the Vulnerability?Ivanti Virtual Traffic Manager (vTM), a software application used to manage and optimize the delivery of applications...

September 27, 2024

ZDI-24-1310: Lenovo Service Bridge Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Lenovo Service Bridge. User interaction is required...

September 27, 2024

DSA-5777-1 booth – security update

It was discovered that the Booth cluster ticket manager failed to correctly validate some authentication hashes. https://security-tracker.debian.org/tracker/DSA-5777-1 Read More

September 27, 2024

Squid Fishing in Japan

Deepfake Ukrainian diplomat targeted US senator on Zoom call

Governments Urge Improved Security and Resilience for Undersea Cables

Ireland’s DPC Hits Meta with €91 Million Penalty for GDPR Violation

US Sanctions Crypto Exchanges for Facilitating Russian Cybercrime

NIST Recommends Some Common-Sense Password Rules

Man Arrested Over UK Railway Station Wi-Fi Hack

Russian Hackers Target Ukrainian Servicemen via Messaging Apps

Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud

WP Engine Reprieve

aws-2020-12.1.fc39

aws-2020-16.1.fc40

Ivanti Virtual Traffic Manager (vTM ) Authentication Bypass Vulnerability (CVE-2024-7593)

ZDI-24-1310: Lenovo Service Bridge Command Injection Remote Code Execution Vulnerability

DSA-5777-1 booth – security update