It was discovered that less incorrectly handled certain file names.
An attacker could possibly use this issue to cause a crash or execute
arbitrary commands.
Category Archives: Advisories
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38 golang-github-tdewolff-minify-2.20.18-1.fc38 golang-github-tdewolff-parse-2.7.12-1.fc38
FEDORA-2024-0d4d9925a2
Packages in this update:
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38
golang-github-tdewolff-minify-2.20.18-1.fc38
golang-github-tdewolff-parse-2.7.12-1.fc38
Update description:
Update to latest version
Security fix for CVE-2023-39325
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc39 golang-github-tdewolff-minify-2.20.18-1.fc39 golang-github-tdewolff-parse-2.7.12-1.fc39
FEDORA-2024-c3e32c5635
Packages in this update:
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc39
golang-github-tdewolff-minify-2.20.18-1.fc39
golang-github-tdewolff-parse-2.7.12-1.fc39
Update description:
Update to latest version
Security fix for CVE-2023-39325
USN-6663-1: OpenSSL update
As a security improvement, this update prevents OpenSSL
from returning an error when detecting wrong padding
in PKCS#1 v1.5 RSA, to prevent its use in possible
Bleichenbacher timing attacks.
USN-6305-2: PHP vulnerabilities
USN-6305-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)

It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
cpp-jwt-1.4-7.fc38
FEDORA-2024-d76e37ba62
Packages in this update:
cpp-jwt-1.4-7.fc38
Update description:
Fix side channel vulnerability
cpp-jwt-1.4-7.el8
FEDORA-EPEL-2024-16cf23e0e6
Packages in this update:
cpp-jwt-1.4-7.el8
Update description:
Fix side channel vulnerability
cpp-jwt-1.4-7.fc39
FEDORA-2024-56fbd2cbfa
Packages in this update:
cpp-jwt-1.4-7.fc39
Update description:
Fix side channel vulnerability
cpp-jwt-1.4-7.el9
FEDORA-EPEL-2024-1cefeeb8f5
Packages in this update:
cpp-jwt-1.4-7.el9
Update description:
Fix side channel vulnerability
USN-6660-1: OpenJDK 11 vulnerabilities
Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)

It was discovered that the Hotspot component of OpenJDK 11 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)

It was discovered that the Hotspot component of OpenJDK 11 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)

Valentin Eudeline discovered that OpenJDK 11 incorrectly handled certain
options in the Nashorn JavaScript subcomponent. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2024-20926)

It was discovered that OpenJDK 11 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)

Hubert Kario discovered that the TLS implementation in OpenJDK 11 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)