Read Time:1 Second
Post Content
Category Archives: Advisories
GLSA 202409-09: Exo: Arbitrary Code Execution
GLSA 202409-08: OpenVPN: Multiple Vulnerabilities
GLSA 202409-18: liblouis: Multiple Vulnerabilities
GLSA 202409-17: VLC: Multiple Vulnerabilities
GLSA 202409-16: Slurm: Multiple Vulnerabilities
GLSA 202409-19: Emacs, org-mode: Command Execution Vulnerability
DSA-5774-1 ruby-saml – security update
Read Time:15 Second
It was discovered that ruby-saml, a SAML library implementing the client
side of a SAML authorization, does not properly verify the signature of
the SAML Response, which could result in bypass of authentication in an
application using the ruby-saml library.
USN-6968-2: PostgreSQL vulnerability
Read Time:18 Second
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16
This update provides the corresponding updates for PostgreSQL-9.5 in
Ubuntu 16.04 LTS.
Original advisory details:
Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.
USN-7015-2: Python vulnerabilities
Read Time:42 Second
USN-7015-1 fixed several vulnerabilities in Python. This update provides
one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for
python3.5 for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Python allowed excessive backtracking while
parsing certain tarfile headers. A remote attacker could possibly use
this issue to cause Python to consume resources, leading to a denial
of service. This issue only affected python3.5 for
Ubuntu 16.04 LTS (CVE-2024-6232)
It was discovered that the Python http.cookies module incorrectly
handled parsing cookies that contained backslashes for quoted
characters. A remote attacker could possibly use this issue to cause
Python to consume resources, leading to a denial of service.
(CVE-2024-7592)