Category Archives: Advisories

CVE-2024-48463

Posted by Rodolfo Tavares via Fulldisclosure on Jan 15

=====[ Tempest Security Intelligence – ADV-10/2024 ]==========================

Bruno IDE Desktop prior to 1.29.0

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents ]==================================================

Overview
Detailed Description
Timeline of Disclosure
Thanks & Acknowledgements
References

=====[ Vulnerability Information…

CyberDanube Security Research 20250107-0 | Multiple Vulnerabilities in ABB AC500v3

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Jan 15

CyberDanube Security Research 20250107-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in ABB AC500v3
product| ABB AC500v3
vulnerable version| <=3.7.0.569
fixed version| 3.8.0
CVE number| CVE-2024-12429, CVE-2024-12430
impact| High
homepage| https://global.abb
found| 2024-09-03…

Certified Asterisk Security Release certified-20.7-cert4

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Certified Asterisk 20.7-cert4.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert4
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert4

## Change Log for Release asterisk-certified-20.7-cert4

###…

Certified Asterisk Security Release certified-18.9-cert13

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert13.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert13
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-18.9-cert13

## Change Log for Release asterisk-certified-18.9-cert13

###…

Asterisk Security Release 22.1.1

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 22.1.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/22.1.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 22.1.1

## Change Log for Release asterisk-22.1.1

### Links:

– [Full ChangeLog](…

Asterisk Security Release 18.26.1

Posted by Asterisk Development Team via Fulldisclosure on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 18.26.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.26.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 18.26.1

## Change Log for Release asterisk-18.26.1

### Links:

– [Full ChangeLog](…

[asterisk-dev] Asterisk Security Release 21.6.1

Posted by Asterisk Development Team on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 21.6.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.6.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.6.1

## Change Log for Release asterisk-21.6.1

### Links:

– [Full ChangeLog](…

[asterisk-dev] Asterisk Security Release 20.11.1

Posted by Asterisk Development Team on Jan 15

The Asterisk Development Team would like to announce security release
Asterisk 20.11.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.11.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.11.1

## Change Log for Release asterisk-20.11.1

### Links:

– [Full ChangeLog](…

Rsync File Synchronization Tool Vulnerabilities

What are the Vulnerabilities?

Six security vulnerabilities have been disclosed in the popular Rsync tool, an open-source file synchronization and data transfer tool known for its ability to perform incremental transfers, which reduces data transfer times and bandwidth usage. Several popular backup programs, such as Rclone, DeltaCopy, and ChronoSync, use Rsync for file synchronization. The vulnerabilities are present in versions 3.3.0 and below and include heap-buffer overflow, information disclosure, file leak, external directory file-write, and symbolic-link race condition.

CVE-2024-12084 - Heap-buffer overflow in Rsync due to improper checksum length handling
CVE-2024-12085 - Information leak via uninitialized stack contents
CVE-2024-12086 - Rsync server leaks arbitrary client files
CVE-2024-12087 - Path traversal vulnerability in Rsync
CVE-2024-12088 - Safe-links option bypass that leads to path traversal
CVE-2024-12747 - Race condition in Rsync when handling symbolic links

CERT/CC also mentioned that an attacker could combine CVE-2024-12084 and CVE-2024-12085 to achieve arbitrary code execution on a client that has an Rsync server running. Read more at VU#952657.

What is the recommended Mitigation?

Users are advised to apply the latest patches available at GitHub – RsyncProject.

What FortiGuard Coverage is available?

FortiGuard recommends that users apply the fix provided by the vendor and follow any mitigation mentioned in VU#952657.

FortiGuard protection is being reviewed, and this Threat Signal will be updated accordingly as it becomes available.

The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
