DSA-5560-1 strongswan - security update

Read Time:24 Second

Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec
suite.

The TKM-backed version of the charon IKE daemon (charon-tkm) doesn’t
check the length of received Diffie-Hellman public values before copying
them to a fixed-size buffer on the stack, causing a buffer overflow that
could potentially be exploited for remote code execution by sending a
specially crafted and unauthenticated IKE_SA_INIT message.

https://security-tracker.debian.org/tracker/DSA-5560-1

mingw-poppler-24.02.0-4.fc41

FEDORA-2025-e39bfb1baa Packages in this update: mingw-poppler-24.02.0-4.fc41 Update description: Backport fix for CVE-2024-56378. Read More

January 1, 2025

mingw-poppler-24.02.0-4.fc40

FEDORA-2025-ed039a54de Packages in this update: mingw-poppler-24.02.0-4.fc40 Update description: Backport fix for CVE-2024-56378. Read More

January 1, 2025

gimp-2.10.38-12.fc40

FEDORA-2024-ccdbd92d7b Packages in this update: gimp-2.10.38-12.fc40 Update description: This update fixes issues with loading TGA and XCF files. Read More

December 31, 2024

Multiple vulnerabilities in CTFd versions <= 3.7.4

Posted by Blazej Adamczyk on Dec 30 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Multiple vulnerabilities in CTFd versions <= 3.7.4 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1 General information ═════════════════════......

December 31, 2024

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass

Posted by hyp3rlinx on Dec 30 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt [+] x.com/hyp3rlinx...

December 31, 2024

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)

Posted by hyp3rlinx on Dec 30 [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_Server_Side_Request_Forgery_CVE-2024-51463.txt [+] x.com/hyp3rlinx...

December 31, 2024

Gift Card Fraud

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Salt Typhoon’s Reach Continues to Grow

Majority of UK SMEs Lack Cybersecurity Policy

Happy 15th Anniversary, KrebsOnSecurity!

CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

Casino Players Using Hidden Cameras for Cheating

Friday Squid Blogging: Squid on Pizza

Scams Based on Fake Google Emails

DSA-5560-1 strongswan – security update

mingw-poppler-24.02.0-4.fc41

mingw-poppler-24.02.0-4.fc40

gimp-2.10.38-12.fc40

Multiple vulnerabilities in CTFd versions <= 3.7.4

IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)