Posted by Aki Tuomi via Fulldisclosure on Aug 17

Affected product: Dovecot IMAP Server
Internal reference: DOV-6601
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vendor internal discovery
Vendor notification: 2024-01-31
CVE reference: CVE-2024-23185
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)…

Read More

Posted by Aki Tuomi via Fulldisclosure on Aug 17

Affected product: Dovecot IMAP Server
Internal reference: DOV-6464
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vendor internal discovery
Vendor notification: 2024-01-30
CVE reference: CVE-2024-23184
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)…

Read More

Support for the “strict kex” SSH extension has been backported to
AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening
against the Terrapin attack.

https://security-tracker.debian.org/tracker/DSA-5750-1

Read More

FEDORA-EPEL-2024-fc8e1f0a44

Packages in this update:

python-webob-1.8.8-2.el8

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Read More

FEDORA-EPEL-2024-4a0acd6ee7

Packages in this update:

python-webob-1.8.8-2.el9

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Read More

FEDORA-2024-40ff0d8644

Packages in this update:

python-webob-1.8.8-2.fc39

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Read More

FEDORA-2024-a6817a2e80

Packages in this update:

python-webob-1.8.8-2.fc40

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Read More

FEDORA-2024-f10a0a02d6

Packages in this update:

age-1.2.0-1.fc41

Update description:

Automatic update for age-1.2.0-1.fc41.

Changelog

* Sat Aug 17 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.2.0-1
– Update to 1.2.0 – Closes rhbz#2292862 rhbz#2255071

Read More

FEDORA-2024-8d2cf6bfc3

Packages in this update:

age-1.2.0-1.fc42

Update description:

Automatic update for age-1.2.0-1.fc42.

Changelog

* Sat Aug 17 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.2.0-1
– Update to 1.2.0 – Closes rhbz#2292862 rhbz#2255071

Read More

FEDORA-2024-ba78b27eb8

Packages in this update:

webkitgtk-2.44.3-2.fc39

Update description:

Fix web process cache suspend/resume when sandbox is enabled.
Fix accelerated images disappearing after scrolling.
Fix video flickering with DMA-BUF sink.
Fix pointer lock on X11.
Fix movement delta on mouse events in GTK3.
Undeprecate console message API and make it available in 2022 API.
Fix several crashes and rendering issues.

Read More