Read Time:7 Second
Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP
responses. This could result in bad certificates not being checked
properly, contrary to expectations.
Category Archives: Advisories
USN-7011-1: ClamAV vulnerabilities
Read Time:19 Second
It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)
It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)
USN-6560-3: OpenSSH vulnerability
Read Time:15 Second
USN-6560-2 fixed a vulnerability in OpenSSH. This update provides
the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that OpenSSH incorrectly handled user names or host
names with shell metacharacters. An attacker could possibly use this
issue to perform OS command injection.
iwd-2.22-1.fc41
Read Time:10 Second
FEDORA-2024-5d6c951b0b
Packages in this update:
iwd-2.22-1.fc41
Update description:
iwd 2.22:
Fix issue with handling the Affinities property.
Fix issue with handling ConnectedAccessPoint signal when roaming.
Raisecom Gateway Command Injection (CVE-2024-7120)
Read Time:39 Second
What is the Attack?FortiGuard Labs observes attack attempts targeting certain models of Raisecom Gateway that are vulnerable to CVE-2024-7120. This attack can be initiated remotely and may lead to OS command injection. Exploit for this vulnerability has also been disclosed to the public.What is the recommended Mitigation?Currently we are unaware of any vendor-supplied patch or updates available for this issue. According to the NVD, Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are affected by the vulnerability (CVE-2024-7120). What FortiGuard Coverage is available?Fortinet customers remain protected through the IPS (Intrusion Prevention System) Service to detect and block any attack attempts targeting the vulnerability. Intrusion Prevention | FortiGuard LabsThe FortiGuard Incident Response team can be engaged to help with any suspected compromise.
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVE-2024-8190)
Read Time:1 Minute, 0 Second
What is the Vulnerability?An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6 allows an authenticated attacker to remotely execute code. The attacker must have admin level privileges to exploit the vulnerability tagged as CVE-2024-8190 and successful exploitation could lead to unauthorized access to the device running the CSA. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list on September 13, 2024.What is the recommended Mitigation?At this time, Ivanti has confirmed limited exploitation and urges its customers to upgrade to CSA version 5.0 for continued support. Ivanti no longer supports CSA 4.6 which has reached end-of-life. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by the vendor to secure their systems and follow their system hardening guidelines.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard Labs team is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.
jupyterlab-4.2.5-1.fc40 python-jupyterlab-server-2.27.3-2.fc40 python-notebook-7.2.2-1.fc40
Read Time:12 Second
FEDORA-2024-a3a82a256d
Packages in this update:
jupyterlab-4.2.5-1.fc40
python-jupyterlab-server-2.27.3-2.fc40
python-notebook-7.2.2-1.fc40
Update description:
Update jupyterlab and python-notebook to fix CVE-2024-43805.
jupyterlab-4.2.5-1.fc41 python-notebook-7.2.2-1.fc41
Read Time:10 Second
FEDORA-2024-4b5f3d51ca
Packages in this update:
jupyterlab-4.2.5-1.fc41
python-notebook-7.2.2-1.fc41
Update description:
Update jupyterlab and python-notebook to fix CVE-2024-43805.
microcode_ctl-2.1-58.3.fc39
Read Time:3 Minute, 35 Second
FEDORA-2024-1d4155bd39
Packages in this update:
microcode_ctl-2.1-58.3.fc39
Update description:
Update to upstream 2.1-45. 20240910
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35
up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x36;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433
up to 0x434;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1e
up to 0x1f;
Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up
to 0x129;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121
up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up
to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up
to 0x36;
Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up
to 0x1a (old pf 0x11).
Addresses CVE-2024-23984, CVE-2024-24968
Added the documentation directory to the list of files owned by the package
microcode_ctl-2.1-61.3.fc40
Read Time:3 Minute, 35 Second
FEDORA-2024-e6b5e38ae6
Packages in this update:
microcode_ctl-2.1-61.3.fc40
Update description:
Update to upstream 2.1-45. 20240910
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35
up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x36;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433
up to 0x434;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1e
up to 0x1f;
Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up
to 0x129;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121
up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up
to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up
to 0x36;
Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up
to 0x1a (old pf 0x11).
Addresses CVE-2024-23984, CVE-2024-24968
Added the documentation directory to the list of files owned by the package