Category Archives: Advisories

micropython-1.23.0-1.fc42

Read Time:19 Second

FEDORA-2024-81b8dc2197

Packages in this update:

micropython-1.23.0-1.fc42

Update description:

Automatic update for micropython-1.23.0-1.fc42.

Changelog

* Thu Oct 17 2024 Charalampos Stratakis <cstratak@redhat.com> – 1.23.0-1
– Update to 1.23.0
– Security fixes for CVE-2024-8946, CVE-2024-8947, CVE-2024-8948
Resolves: rhbz#2312926, rhbz#2312923, rhbz#2312921

Read More

USN-7080-1: Unbound vulnerability

Read Time:12 Second

Toshifumi Sakaguchi discovered that Unbound incorrectly handled name
compression for large RRsets, which could lead to excessive CPU usage.
An attacker could potentially use this issue to cause a denial of service
by sending specially crafted DNS responses.

Read More

NetworkManager-libreswan-1.2.24-1.fc39

Read Time:15 Second

FEDORA-2024-d20b38c63f

Packages in this update:

NetworkManager-libreswan-1.2.24-1.fc39

Update description:

This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN plugin for NetworkManager. It fixes a local privilege escalation bug due to improper escaping of Libreswan configuration. (CVE-2024-9050)

Read More

NetworkManager-libreswan-1.2.24-1.fc40

Read Time:15 Second

FEDORA-2024-e88cc97dba

Packages in this update:

NetworkManager-libreswan-1.2.24-1.fc40

Update description:

This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN plugin for NetworkManager. It fixes a local privilege escalation bug due to improper escaping of Libreswan configuration. (CVE-2024-9050)

Read More

NetworkManager-libreswan-1.2.24-1.fc41

Read Time:15 Second

FEDORA-2024-2e8944621e

Packages in this update:

NetworkManager-libreswan-1.2.24-1.fc41

Update description:

This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN plugin for NetworkManager.
It fixes a local privilege escalation bug due to improper escaping of Libreswan configuration. (CVE-2024-9050)

Read More

USN-7079-1: WebKitGTK vulnerabilities

Read Time:15 Second

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More

Metabase Information Disclosure Vulnerability (CVE-2021-41277)

Read Time:56 Second

What is the attack?FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure including expose server files and environment variables to unauthorized users. The vulnerability occurs due to the use of user-supplied input without proper validation.Metabase is an open-source data analytics platform. According to their website it is used by over 60,000 companies including, Capital One, OpenAI, and more. FortiGuard Recon Threat Intelligence team tracked this vulnerability being targeted by a hacktivist group called GhostSec back in May 2024.What is the recommended Mitigation?This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that (including x.41+). GitHubWhat FortiGuard Coverage is available?FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.FortiGuard IPS protection is available to detect and block any attack attempts.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More