Multiple security issues were discovered in Redis, a persistent
key-value database, which could result in the execution of arbitrary
code or ACL bypass.
DSA-5609-1 slurm-wlm – security update
Several vulnerabilities were discovered in the Slurm Workload Manager, a
cluster resource management and job scheduling system, which may result
in privilege escalation, denial of service, bypass of message hash
checks or opening files with an incorrect set of extended groups.
Re: Buffer Overflow in graphviz via a crafted config6a file
Posted by Matthew Fernandez on Jan 27
More specifically, this issue is an out-of-bounds read.
AFAICT the issue was actually introduced in Graphviz 2.36. It was fixed
in commit a95f977f5d809915ec4b14836d2b5b7f5e74881e (essentially
reverting cf95714837f06f684929b54659523c2c9b1fc19f that introduced the
issue), but there has been no release yet since then. The next release
will be 10.0.0. So affected versions would be [2.36, 10.0.0).
To exploit this issue, you need to modify a…
CVEs based on commit messages
Posted by Mark Esler on Jan 27
Dear Meng Rujie,
In regards to your recent FD posts, are you requesting CVEs based on the
presence of strings in commit messages such as “null pointer dereference”?
Are you reaching out to each upstream project before assigning a CVE? Do
you believe that every null pointer bug is a vulnerability? What impact
are you hoping to achieve?
Please reconsider how you are requesting CVEs.
CVE assignment based on commit message allows…
Re: null pointer dereference in nano via read_the_list()
Posted by Mark Esler on Jan 27
Hi Meng,
In your recent mass posts to FD, are you reporting vulnerabilities or
bug reports which have words like “segfault” in the title? What benefit
do you see this having? Have you spoken to each upstream project before
requesting a CVE be assigned?
Thank you,
Mark Esler
Re: NULL pointer dereference in freedesktop Mesa via check_xshm()
Posted by Dan Cross on Jan 27
I find it very difficult to believe that every NULL pointer error in
existence is a security vulnerability.
– Dan C.
Re: Null pointer dereference in Xedit
Posted by Alan Coopersmith on Jan 27
I will be asking that this CVE be withdrawn on behalf of the X.Org security team.
While it is a low-priority bug, we did not see any security exposure
when this bug was first brought to our attention because there is no
way for an attacker to change the contents of the lisp.lsp file or to
cause a *.lsp file to be loaded for another user.
The bug report states “replace /usr/local/lib/X11/xedit/lisp/lisp.lsp with
the attached version,”…
mingw-python-pygments-2.15.1-1.fc38
FEDORA-2024-db87ce2a47
Packages in this update:
mingw-python-pygments-2.15.1-1.fc38
Update description:
Update to 2.15.1.
python-pillow-9.5.0-3.fc38
FEDORA-2024-4ef97ebbfc
Packages in this update:
python-pillow-9.5.0-3.fc38
Update description:
Backport fix for CVE-2023-50447.
Update patch for CVE-2023-44271
kernel-6.6.14-200.fc39
FEDORA-2024-50ab089b1d
Packages in this update:
kernel-6.6.14-200.fc39
Update description:
The 6.6.14 stable kernel update contains a number of important fixes across the tree.