Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-03-25-2024-4 iOS 17.4.1 and iPadOS 17.4.1
iOS 17.4.1 and iPadOS 17.4.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214097.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad…
Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-03-25-2024-5 iOS 16.7.7 and iPadOS 16.7.7
iOS 16.7.7 and iPadOS 16.7.7 addresses the following issues.
Information about the security content is also available at https://support.apple.com/kb/HT214098.
Apple maintains a Security Updates page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
The util-linux wall command does not filter escape sequences from
command line arguments. The vulnerable code was introduced in
commit cdd3cc7fa4 (2013). Every version since has been
vulnerable.
1. CVE-2020-8006 Pre-Auth Stack Based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10)
The server in Circontrol Raption through 5.11.2 has a pre-authentication
stack-based buffer overflow that can be exploited to gain run-time control
of the device as root.
When the server parses the HTTP headers and finds the Basic-Authentication
tag it will call a base64 decode function. This function…
Posted by Artur Janicki via Fulldisclosure on Mar 27
[APOLOGIES FOR CROSS-POSTING]
CALL FOR PAPERS
13th International Workshop on Cyber Crime (IWCC 2024 – https://www.ares-conference.eu/iwcc/)
to be held in conjunction with the 19th International Conference on
Availability, Reliability and Security (ARES 2024 – http://www.ares-conference.eu)
July 30 – August 02, 2024, Vienna, Austria
IMPORTANT DATES
Submission Deadline May 12, 2024
Author Notification May 29, 2024
Proceedings Version…
Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.
USN-6718-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)
Security fixes for CVE-2021-42260, CVE-2023-34194 and its duplicate CVE-2023-40462.
Fix incorrect text element encoding (upstream isssue #51).
Enable tests.