Several vulnerabilities were discovered in nscd, the Name Service Cache
Daemon in the GNU C library which may lead to denial of service or the
execution of arbitrary code.
Category Archives: Advisories
DSA-5677-1 ruby3.1 – security update
Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may result in information disclosure, denial
of service or the execution of arbitrary code.
GitLab Password Reset Vulnerability (CVE-2023-7028)
What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on May 1st to its Known Exploited Vulnerabilities (KEV) Catalog.What is the recommended Mitigation?GitLab users are advised to update their instances to a patched version and enable two factor authentication (2FA) which will deny malicious actors access to compromised accounts.What FortiGuard Coverage is available?FortiGuard Labs has an existing Web Application Security signature “GitLab.Password.Reset.Account.Takeover” released on Jan 16 to detect and block any attack attempts targeting the Authentication Bypass Vulnerability in GitLab (CVE-2023-7028) and has Endpoint Vulnerability signature ID “5551” to detect vulnerable versions of installed GitLab software.
stb-0-0.45.20240213gitae721c5.el7
FEDORA-EPEL-2024-c66806f4ad
Packages in this update:
stb-0-0.45.20240213gitae721c5.el7
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
stb-0-0.45.20240213gitae721c5.el8
FEDORA-EPEL-2024-6327fb701b
Packages in this update:
stb-0-0.45.20240213gitae721c5.el8
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
stb-0^20240213gitae721c5-5.el9
FEDORA-EPEL-2024-39387970e2
Packages in this update:
stb-0^20240213gitae721c5-5.el9
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
USN-6757-2: PHP vulnerabilities
USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-4900)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to cookie by pass.
(CVE-2024-2756)
It was discovered that PHP incorrectly handled some passwords.
An attacker could possibly use this issue to cause an account takeover
attack. (CVE-2024-3096)
stb-0^20240213gitae721c5-5.fc38
FEDORA-2024-5e5d8c2581
Packages in this update:
stb-0^20240213gitae721c5-5.fc38
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
stb-0^20240213gitae721c5-6.fc39
FEDORA-2024-4c8d4cda0d
Packages in this update:
stb-0^20240213gitae721c5-6.fc39
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
stb-0^20240213gitae721c5-6.fc40
FEDORA-2024-8f4d69d2ec
Packages in this update:
stb-0^20240213gitae721c5-6.fc40
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212