Category Archives: Advisories

python-webob-1.8.8-1.fc41

Read Time:25 Second

FEDORA-2024-b4c4fd0879

Packages in this update:

python-webob-1.8.8-1.fc41

Update description:

Automatic update for python-webob-1.8.8-1.fc41.

Changelog

* Thu Aug 15 2024 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 1.8.8-1
– Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
– pypi_source constructed manually according to project/name case inconsistency
– only require legacy-cgi on on systems where it’s present
– remove python3.9 patch (applied upstream)

Read More

python-webob-1.8.8-1.fc42

Read Time:25 Second

FEDORA-2024-3e0d8c04fc

Packages in this update:

python-webob-1.8.8-1.fc42

Update description:

Automatic update for python-webob-1.8.8-1.fc42.

Changelog

* Thu Aug 15 2024 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 1.8.8-1
– Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
– pypi_source constructed manually according to project/name case inconsistency
– only require legacy-cgi on on systems where it’s present
– remove python3.9 patch (applied upstream)

Read More

Microsoft Multiple Actively Exploited Vulnerabilities

Read Time:1 Minute, 10 Second

What are the Vulnerabilities?Threat actors are exploiting multiple zero-day vulnerabilities that were recently disclosed on the Microsoft Security Patch Tuesday- August, 2024. The six actively exploited zero-day vulnerabilities were also added to CISA’s Known Exploited Vulnerabilities catalog (KEV) after the disclosure. [August 2024 Security Updates- Release Notes- Microsoft]• CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability• CVE-2024-38178: Microsoft Windows Scripting Engine Memory Corruption Vulnerability• CVE-2024-38213: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability• CVE-2024-38193: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability• CVE-2024-38106: Microsoft Windows Kernel Privilege Escalation Vulnerability• CVE-2024-38107: Microsoft Windows Power Dependency Coordinator Privilege Escalation VulnerabilityWhat is the recommended Mitigation?Microsoft has released security updates for these actively exploited vulnerabilities along with other publicly disclosed vulnerabilities. Please see Appendix for the Individual Microsoft Security update guide.What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by Microsoft immediately to secure their systems.FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface.Endpoint Vulnerability | FortiGuard LabsFortiGuard IPS Signatures are available for protection against the exploitation of vulnerabilities where applicable. Intrusion Prevention | CVE-2024-38178 Intrusion Prevention | CVE-2024-38193Intrusion Prevention | CVE-2024-38106The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More

USN-6961-1: BusyBox vulnerabilities

Read Time:29 Second

It was discovered that BusyBox did not properly validate user input when
performing certain arithmetic operations. If a user or automated system
were tricked into processing a specially crafted file, an attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code. (CVE-2022-48174)

It was discovered that BusyBox incorrectly managed memory when evaluating
certain awk expressions. An attacker could possibly use this issue to cause
a denial of service, or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2023-42363, CVE-2023-42364, CVE-2023-42365)

Read More