USN-6888-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

Elias Myllymäki discovered that Django incorrectly handled certain inputs
with a large number of brackets. A remote attacker could possibly use this
issue to cause Django to consume resources or stop responding, resulting in
a denial of service. (CVE-2024-38875)

It was discovered that Django incorrectly handled authenticating users with
unusable passwords. A remote attacker could possibly use this issue to
perform a timing attack and enumerate users. (CVE-2024-39329)

Josh Schneier discovered that Django incorrectly handled file path
validation when the storage class is being derived. A remote attacker could
possibly use this issue to save files into arbitrary directories.
(CVE-2024-39330)

It was discovered that Django incorrectly handled certain long strings that
included a specific set of characters. A remote attacker could possibly use
this issue to cause Django to consume resources or stop responding,
resulting in a denial of service. (CVE-2024-39614)

Read More

FEDORA-2024-e7ef063416

Packages in this update:

qt5-qtbase-5.15.14-3.fc40

Update description:

Fix for CVE-2024-39936.

Read More

FEDORA-EPEL-2024-c1264f2cbc

Packages in this update:

botan2-2.19.5-1.el9

Update description:

Rebase to v2.19.5

Read More

FEDORA-2024-6d84a608f1

Packages in this update:

botan2-2.19.5-1.fc39

Update description:

Rebase to v2.19.5

Read More

FEDORA-2024-7f42bafbdb

Packages in this update:

botan2-2.19.5-1.fc40

Update description:

Rebase to v2.19.5

Read More

Posted by Rodolfo Tavares via Fulldisclosure on Jul 10

=====[ Tempest Security Intelligence – ADV-6/2024
]==========================

LumisXP v15.0.x to v16.1.x

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability…

Read More

Posted by Rodolfo Tavares via Fulldisclosure on Jul 10

=====[ Tempest Security Intelligence – ADV-6/2024
]==========================

LumisXP v15.0.x to v16.1.x

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability…

Read More

Posted by Rodolfo Tavares via Fulldisclosure on Jul 10

=====[ Tempest Security Intelligence – ADV-6/2024
]==========================

LumisXP v15.0.x to v16.1.x

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability…

Read More

Posted by Rodolfo Tavares via Fulldisclosure on Jul 10

=====[ Tempest Security Intelligence – ADV-6/2024
]==========================

LumisXP v15.0.x to v16.1.x

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents]==================================================

Overview
Detailed description
Timeline of disclosure
Thanks & Acknowledgements
References
=====[ Vulnerability
Information]=============================================

Class:…

Read More

Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in authentication bypass, execution of scripts in
directories not directly reachable by any URL, server-side request
forgery or denial of service.

https://security-tracker.debian.org/tracker/DSA-5729-1

Read More