USN-7340-1: OpenVPN vulnerabilities

Read Time:31 Second

It was discovered that OpenVPN did not perform proper input validation
when generating a TLS key under certain configuration, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166)

Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)

Smashing Security podcast #414: Zoom.. just one click and your data goes boom!

DOGE Worker’s Code Supports NLRB Whistleblower

Regulating AI Behavior with a Hypervisor

Verizon’s DBIR Reveals 34% Jump in Vulnerability Exploitation

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

US Data Breach Victim Count Surges 26% Annually

M&S Grapples with Cyber Incident Affecting In-Store Services

Dutch Warn of “Whole of Society” Russian Cyber-Threat

USN-7340-1: OpenVPN vulnerabilities

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Stored XSS in “Message” Functionality – AlegroCartv1.2.9

XSS via SVG Image Upload – AlegroCartv1.2.9

BBOT 2.1.0 – Local Privilege Escalation via Malicious Module Execution

USN-7454-1: libarchive vulnerabilities

USN-7453-1: Linux kernel (Real-time) vulnerabilities