Category Archives: Advisories

APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18

Posted by Apple Product Security via Fulldisclosure on Sep 16

APPLE-SA-09-16-2024-1 iOS 18 and iPadOS 18

iOS 18 and iPadOS 18 address the following issues.
Information about the security content is also available at
https://support.apple.com/121250.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad…

USN-7015-1: Python vulnerabilities

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could possibly
use this issue to bypass certain protection mechanisms. (CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue to
cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of service.
(CVE-2024-8088)

USN-7014-1: nginx vulnerability

It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.

USN-7013-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled a large number of
address headers. A remote attacker could possibly use this issue to cause
Dovecot to consume resources, leading to a denial of service.
(CVE-2024-23184)

It was discovered that Dovecot incorrectly handled very large headers. A
remote attacker could possibly use this issue to cause Dovecot to consume
resources, leading to a denial of service. (CVE-2024-23185)

USN-7011-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)

It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)

USN-6560-3: OpenSSH vulnerability

USN-6560-2 fixed a vulnerability in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that OpenSSH incorrectly handled user names or host
names with shell metacharacters. An attacker could possibly use this
issue to perform OS command injection.