Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in OpenStack Compute (codenamed Nova) may result in information
disclosure.
Category Archives: Advisories
DSA-5336 glance – security update
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in Glance, the OpenStack image registry and delivery service, may result
in information disclosure.
DSA-5335 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or spoofing.
CVE-2016-15023
A vulnerability classified as problematic was found in SiteFusion Application Server up to 6.6.6. It affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 addresses this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.
USN-5836-1: Vim vulnerabilities
It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2022-47024, CVE-2023-0049,
CVE-2023-0054, CVE-2023-0288, CVE-2023-0433)
CVE-2020-20402
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
pesign-116-1.fc37
FEDORA-2023-e77628f240
Packages in this update:
pesign-116-1.fc37
Update description:
New upstream release (116)
Fix CVE-2022-3560
This is a privilege escalation in the pesign-authorize script, which is now deprecated. There is no impact unless you are using pesign as a daemon in a signing server.
pesign-115-4.fc36
FEDORA-2023-5399953e3b
Packages in this update:
pesign-115-4.fc36
Update description:
Fix CVE-2022-3560
This is a privilege escalation in the pesign-authorize script, which is now deprecated. There is no impact unless you are using pesign as a daemon in a signing server.
USN-5835-3: Nova vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou
discovered that Nova incorrectly handled VMDK image processing. An
authenticated attacker could possibly supply a specially crafted VMDK flat
image and obtain arbitrary files from the server containing sensitive
information.
USN-5834-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server mod_dav module did not
properly handle specially crafted request headers. A remote attacker
could possibly use this issue to cause the process to crash, leading
to a denial of service. (CVE-2006-20001)
It was discovered that the Apache HTTP Server mod_proxy_ajp module did not
properly handle certain invalid Transfer-Encoding headers. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-36760)