Read Time:6 Second
Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary URLs.
Category Archives: Advisories
USN-6794-1: FRR vulnerabilities
Read Time:11 Second
It was discovered that FRR incorrectly handled certain malformed BGP and
OSPF packets. A remote attacker could use this issue to cause FRR to crash,
resulting in a denial of service, or possibly execute arbitrary code.
tomcat-9.0.89-1.fc39
Read Time:17 Second
FEDORA-2024-2bf73514cd
Packages in this update:
tomcat-9.0.89-1.fc39
Update description:
This update includes a rebase from 9.0.83 to 9.0.89.
#2269611 CVE-2024-24549 tomcat: CVE-2024-24549: Apache Tomcat: HTTP/2 header handling DoS
#2269612 CVE-2024-23672 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake
USN-6793-1: Git vulnerabilities
Read Time:46 Second
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-32004)
It was discovered that Git incorrectly handled local clones with hardlinked
files/directories. An attacker could possibly use this issue to place a
specialized repository on their target’s local system. (CVE-2024-32020)
It was discovered that Git incorrectly handled certain symlinks. An attacker
could possibly use this issue to impact availability and integrity
creating hardlinked arbitrary files into users repository’s objects/directory.
(CVE-2024-32021)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-32465)
USN-6787-1: Jinja2 vulnerability
Read Time:12 Second
It was discovered that Jinja2 incorrectly handled certain HTML attributes
that were accepted by the xmlattr filter. An attacker could use this issue
to inject arbitrary HTML attribute keys and values to potentially execute
a cross-site scripting (XSS) attack.
USN-6791-1: Unbound vulnerability
Read Time:10 Second
It was discovered that Unbound could take part in a denial of service
amplification attack known as DNSBomb. This update introduces certain
resource limits to make the impact from Unbound significantly lower.
USN-6790-1: amavisd-new vulnerability
Read Time:10 Second
It was discovered that amavisd-new incorrectly handled certain MIME email
messages with multiple boundary parameters. A remote attacker could
possibly use this issue to bypass checks for banned files or malware.
USN-6789-1: LibreOffice vulnerability
Read Time:10 Second
Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled
graphic on-click bindings. If a user were tricked into clicking a graphic
in a specially crafted document, a remote attacker could possibly run
arbitrary script.
USN-6788-1: WebKitGTK vulnerabilities
Read Time:15 Second
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
thunderbird-115.11.0-1.fc40
Read Time:19 Second
FEDORA-2024-7ade906120
Packages in this update:
thunderbird-115.11.0-1.fc40
Update description:
Update to 115.11.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
https://www.thunderbird.net/en-US/thunderbird/115.11.0/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/