Posted by Aki Tuomi via Fulldisclosure on Aug 17
Affected product: Dovecot IMAP Server
Internal reference: DOV-6464
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vendor internal discovery
Vendor notification: 2024-01-30
CVE reference: CVE-2024-23184
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)…
Support for the “strict kex” SSH extension has been backported to
AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening
against the Terrapin attack.
https://security-tracker.debian.org/tracker/DSA-5750-1
FEDORA-EPEL-2024-fc8e1f0a44
Packages in this update:
python-webob-1.8.8-2.el8
Update description:
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
FEDORA-EPEL-2024-4a0acd6ee7
Packages in this update:
python-webob-1.8.8-2.el9
Update description:
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
FEDORA-2024-40ff0d8644
Packages in this update:
python-webob-1.8.8-2.fc39
Update description:
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
FEDORA-2024-a6817a2e80
Packages in this update:
python-webob-1.8.8-2.fc40
Update description:
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
FEDORA-2024-f10a0a02d6
Packages in this update:
age-1.2.0-1.fc41
Update description:
Automatic update for age-1.2.0-1.fc41.
Changelog
* Sat Aug 17 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.2.0-1
- Update to 1.2.0 - Closes rhbz#2292862 rhbz#2255071
FEDORA-2024-8d2cf6bfc3
Packages in this update:
age-1.2.0-1.fc42
Update description:
Automatic update for age-1.2.0-1.fc42.
Changelog
* Sat Aug 17 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.2.0-1
- Update to 1.2.0 - Closes rhbz#2292862 rhbz#2255071
FEDORA-2024-ba78b27eb8
Packages in this update:
webkitgtk-2.44.3-2.fc39
Update description:
Fix web process cache suspend/resume when sandbox is enabled.
Fix accelerated images disappearing after scrolling.
Fix video flickering with DMA-BUF sink.
Fix pointer lock on X11.
Fix movement delta on mouse events in GTK3.
Undeprecate console message API and make it available in 2022 API.
Fix several crashes and rendering issues.
FEDORA-2024-8ba5080dfa
Packages in this update:
nginx-1.26.2-1.fc39
nginx-mod-fancyindex-0.5.2-5.fc39
nginx-mod-modsecurity-1.0.3-13.fc39
nginx-mod-naxsi-1.6-6.fc39
nginx-mod-vts-0.2.2-9.fc39
Update description:
Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.