Category Archives: Advisories

USN-7058-1: .NET vulnerabilities

Read Time:45 Second

Brennan Conroy discovered that the .NET Kestrel web server did not
properly handle closing HTTP/3 streams under certain circumstances. An
attacker could possibly use this issue to achieve remote code execution.
This vulnerability only impacted .NET8. (CVE-2024-38229)

It was discovered that .NET components designed to process malicious input
were susceptible to hash flooding attacks. An attacker could possibly use
this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43483)

It was discovered that the .NET System.IO.Packaging namespace did not
properly process SortedList data structures. An attacker could possibly
use this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43484)

It was discovered that .NET did not properly handle the deserialization of
of certain JSON properties. An attacker could possibly use this issue to
cause a denial of service, resulting in a crash. (CVE-2024-43485)

Read More

USN-7057-2: WEBrick vulnerability

Read Time:17 Second

USN-7057-1 fixed a vulnerability in WEBrick. This update provides the
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that WEBrick incorrectly handled having both a Content-
Length header and a Transfer-Encoding header. A remote attacker could
possibly use this issue to perform a HTTP request smuggling attack.

Read More

koji-1.35.1-1.fc42

Read Time:16 Second

FEDORA-2024-e253f0b07c

Packages in this update:

koji-1.35.1-1.fc42

Update description:

Automatic update for koji-1.35.1-1.fc42.

Changelog

* Tue Oct 8 2024 Kevin Fenzi <kevin@scrye.com> – 1.35.1-1
– Update to 1.35.1. Fixes rhbz#2316304
– Fixes CVE-2024-9427

Read More