An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.
CVE-2021-38364
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.
CVE-2022-24035
An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.
CVE-2022-24109
An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.
USN-6034-1: Dnsmasq vulnerability
It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP.
python-setuptools-62.6.0-3.fc37
FEDORA-2023-60e2b22be0
Packages in this update:
python-setuptools-62.6.0-3.fc37
Update description:
Security fix for CVE-2022-40897
php-nyholm-psr7-1.7.0-1.fc38
FEDORA-2023-b0811dc6e4
Packages in this update:
php-nyholm-psr7-1.7.0-1.fc38
Update description:
Version 1.7.0
Bump to PHP 7.2 minimum
Allow psr/http-message v2
Use copy-on-write for streams created from strings
Version 1.6.1
Security fix: CVE-2023-29197
CVE-2014-125099
A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to SQL injection. The attack can be launched remotely. Upgrading to version 3.7.3 addresses this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.
libsignal-protocol-c-2.3.3-7.fc36
FEDORA-2023-8b0938312e
Packages in this update:
libsignal-protocol-c-2.3.3-7.fc36
Update description:
Backport a fix for CVE-2022-48468 for protobuf-c, which is bundled in libsignal-protocol-c.
https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
https://github.com/protobuf-c/protobuf-c/issues/499
https://github.com/protobuf-c/protobuf-c/pull/513
https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
libsignal-protocol-c-2.3.3-8.fc37
FEDORA-2023-6cfe134db6
Packages in this update:
libsignal-protocol-c-2.3.3-8.fc37
Update description:
Backport a fix for CVE-2022-48468 for protobuf-c, which is bundled in libsignal-protocol-c.
https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
https://github.com/protobuf-c/protobuf-c/issues/499
https://github.com/protobuf-c/protobuf-c/pull/513
https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1