Category Archives: Advisories

python3.9-3.9.19-5.fc42

Read Time:18 Second

FEDORA-2024-26ff70f1ec

Packages in this update:

python3.9-3.9.19-5.fc42

Update description:

Automatic update for python3.9-3.9.19-5.fc42.

Changelog

* Tue Aug 13 2024 Lumír Balhar <lbalhar@redhat.com> – 3.9.19-5
– Security fix for CVE-2024-4032 (rhbz#2293397)
– Security fix for CVE-2024-6923 (rhbz#2303164)

Read More

python-webob-1.8.8-1.fc41

Read Time:25 Second

FEDORA-2024-b4c4fd0879

Packages in this update:

python-webob-1.8.8-1.fc41

Update description:

Automatic update for python-webob-1.8.8-1.fc41.

Changelog

* Thu Aug 15 2024 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 1.8.8-1
– Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
– pypi_source constructed manually according to project/name case inconsistency
– only require legacy-cgi on on systems where it’s present
– remove python3.9 patch (applied upstream)

Read More

python-webob-1.8.8-1.fc42

Read Time:25 Second

FEDORA-2024-3e0d8c04fc

Packages in this update:

python-webob-1.8.8-1.fc42

Update description:

Automatic update for python-webob-1.8.8-1.fc42.

Changelog

* Thu Aug 15 2024 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 1.8.8-1
– Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
– pypi_source constructed manually according to project/name case inconsistency
– only require legacy-cgi on on systems where it’s present
– remove python3.9 patch (applied upstream)

Read More

Microsoft Multiple Actively Exploited Vulnerabilities

Read Time:1 Minute, 10 Second

What are the Vulnerabilities?Threat actors are exploiting multiple zero-day vulnerabilities that were recently disclosed on the Microsoft Security Patch Tuesday- August, 2024. The six actively exploited zero-day vulnerabilities were also added to CISA’s Known Exploited Vulnerabilities catalog (KEV) after the disclosure. [August 2024 Security Updates- Release Notes- Microsoft]• CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability• CVE-2024-38178: Microsoft Windows Scripting Engine Memory Corruption Vulnerability• CVE-2024-38213: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability• CVE-2024-38193: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability• CVE-2024-38106: Microsoft Windows Kernel Privilege Escalation Vulnerability• CVE-2024-38107: Microsoft Windows Power Dependency Coordinator Privilege Escalation VulnerabilityWhat is the recommended Mitigation?Microsoft has released security updates for these actively exploited vulnerabilities along with other publicly disclosed vulnerabilities. Please see Appendix for the Individual Microsoft Security update guide.What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by Microsoft immediately to secure their systems.FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface.Endpoint Vulnerability | FortiGuard LabsFortiGuard IPS Signatures are available for protection against the exploitation of vulnerabilities where applicable. Intrusion Prevention | CVE-2024-38178 Intrusion Prevention | CVE-2024-38193Intrusion Prevention | CVE-2024-38106The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More