Read Time:10 Second
FEDORA-2024-1249d56928
Packages in this update:
mbedtls-2.28.8-1.fc38
Update description:
Update to 2.28.8
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8
Category Archives: Advisories
ZDI-24-360: JetBrains TeamCity AgentDistributionSettingsController Cross-Site Scripting Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.6. The following CVEs are assigned: CVE-2024-31138.
ZDI-24-359: Flexera Software FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Flexera Software FlexNet Publisher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-2658.
ZDI-24-358: GitLab Label Description Uncontrolled Resource Consumption Denial-of-Service Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of GitLab. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-2818.
ZDI-24-357: RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-30370.
assimp-5.0.1-7.el8
Read Time:11 Second
FEDORA-EPEL-2024-d0d107787c
Packages in this update:
assimp-5.0.1-7.el8
Update description:
Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667
c-ares-1.28.1-1.fc38
Read Time:11 Second
FEDORA-2024-d351e7318e
Packages in this update:
c-ares-1.28.1-1.fc38
Update description:
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.1-1.fc40
Read Time:11 Second
FEDORA-2024-9963d77dcb
Packages in this update:
c-ares-1.28.1-1.fc40
Update description:
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.1-1.fc39
Read Time:11 Second
FEDORA-2024-835800b552
Packages in this update:
c-ares-1.28.1-1.fc39
Update description:
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
DSA-5650-1 util-linux – security update
Read Time:16 Second
Skyler Ferrante discovered that the wall tool from util-linux does not
properly handle escape sequences from command line arguments. A local
attacker can take advantage of this flaw for information disclosure.
With this update wall and write are not anymore installed with setgid
tty.