Category Archives: Advisories

USN-7014-2: nginx vulnerability

Read Time:21 Second

USN-7014-1 fixed a vulnerability in nginx. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.

Read More

buildah-1.37.4-1.fc41 podman-5.2.4-1.fc41

Read Time:28 Second

FEDORA-2024-2e8c63e8bf

Packages in this update:

buildah-1.37.4-1.fc41
podman-5.2.4-1.fc41

Update description:

Automatic update for buildah-1.37.4-1.fc41, podman-5.2.4-1.fc41.

Changelog for buildah

* Mon Oct 07 2024 Packit <hello@packit.dev> – 2:1.37.4-1
– Update to 1.37.4 upstream release

Changelog for podman

* Mon Oct 07 2024 Packit <hello@packit.dev> – 5:5.2.4-1
– Update to 5.2.4 upstream release

Fixes CVE-2024-9341 and CVE-2024-9407.

Read More

ZDI-24-1331: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-45138.

Read More