Category Archives: Advisories

clamav-1.0.7-1.el9

Read Time:26 Second

FEDORA-EPEL-2024-702a565078

Packages in this update:

clamav-1.0.7-1.el9

Update description:

Update to 1.0.7

CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.

Read More

clamav-1.0.7-1.fc41

Read Time:25 Second

FEDORA-2024-0d7eb64d90

Packages in this update:

clamav-1.0.7-1.fc41

Update description:

Update to 1.0.7

CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.

Read More

ZDI-24-1193: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7502.

Read More

python-django-4.2.16-1.fc41

Read Time:12 Second

FEDORA-2024-396c94f0a3

Packages in this update:

python-django-4.2.16-1.fc41

Update description:

urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

Read More

python-django-4.2.16-1.fc39

Read Time:12 Second

FEDORA-2024-e2bde0853b

Packages in this update:

python-django-4.2.16-1.fc39

Update description:

urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

Read More