Category Archives: Advisories

USN-7015-1: Python vulnerabilities

Read Time:53 Second

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could possibly
use this issue to bypass certain protection mechanisms. (CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue to
cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of service.
(CVE-2024-8088)

Read More

USN-7014-1: nginx vulnerability

Read Time:13 Second

It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.

Read More

USN-7013-1: Dovecot vulnerabilities

Read Time:21 Second

It was discovered that Dovecot incorrectly handled a large number of
address headers. A remote attacker could possibly use this issue to cause
Dovecot to consume resources, leading to a denial of service.
(CVE-2024-23184)

It was discovered that Dovecot incorrectly handled very large headers. A
remote attacker could possibly use this issue to cause Dovecot to consume
resources, leading to a denial of service. (CVE-2024-23185)

Read More

USN-7011-1: ClamAV vulnerabilities

Read Time:19 Second

It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)

It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)

Read More

USN-6560-3: OpenSSH vulnerability

Read Time:15 Second

USN-6560-2 fixed a vulnerability in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that OpenSSH incorrectly handled user names or host
names with shell metacharacters. An attacker could possibly use this
issue to perform OS command injection.

Read More

iwd-2.22-1.fc41

Read Time:10 Second

FEDORA-2024-5d6c951b0b

Packages in this update:

iwd-2.22-1.fc41

Update description:

iwd 2.22:

Fix issue with handling the Affinities property.
Fix issue with handling ConnectedAccessPoint signal when roaming.

Read More