Two vulnerabilities have been discovered in the IMAP implementation of
the Dovecot mail server: Excessive numbers of address headers or very
large headers can result in high CPU usage, leading to denial of
service.
DSA-5753-1 aom – security update
An integer overflow was discovered in aom, the AV1 Video Codec Library,
which could potentially result in the execution of arbitrary code if a
malformed media file is processed.
DSA-5754-1 cinder – security update
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
DSA-5755-1 glance – security update
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
DSA-5756-1 nova – security update
Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.
USN-6944-2: curl vulnerability
USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 24.04 LTS. This update provides the corresponding fix for
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
Original advisory details:
Dov Murik discovered that curl incorrectly handled parsing ASN.1
Generalized Time fields. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly obtain
sensitive memory contents.
Novel Phishing Method Used in Android/iOS Financial Fraud Campaigns
ESET detected a new phishing technique using progressive web applications (PWAs) as part of a large-scale mobile financial scam.
New DNS-Based Backdoor Threat Discovered at Taiwanese University
The Msupedge backdoor communicates with a command-and-control server by using DNS traffic.
Iranian Group TA453 Launches Phishing Attacks with BlackSmith
TA453, also known as Charming Kitten, launched a targeted phishing attack using PowerShell malware BlackSmith.
USN-6970-1: exfatprogs vulnerability
It was discovered that exfatprogs incorrectly handled certain memory
operations. If a user or automated system were tricked into handling
specially crafted exfat partitions, a remote attacker could use this issue
to cause exfatprogs to crash, resulting in a denial of service, or possibly
execute arbitrary code.