Ubuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. That update introduced several minor regressions; this update fixes them. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
667ae966414c566b7ba032fe92060c7e3cfb42504b259cece2ff73a5eb36f7f3
Nosebeard Labs has identified a critical vulnerability in the Apple system wide web content filter that allows a full bypass of content restrictions. This vulnerability, which occurs specifically when Screen Time content filtering settings are enabled, permits users or attackers to access restricted websites in Safari without detection. The timeline in this advisory is probably the most interesting thing to note. It shows a Fortune 10 ignoring a concern for years until a news article gets written, and that is truly disappointing. Do better Tim.
dac23cf7b975a01eefba7d69a286e43f5f4af5b56cf17d643a27e418ee7e60ed
Red Hat Security Advisory 2024-9576-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include an HTTP request smuggling vulnerability.
23958c45faf18d097345e690bbd77323923f3d7ef42f4c6aa4c761749813cf87
Red Hat Security Advisory 2024-9570-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.
c008f4c460101efbfd23172fa0bc55e1768e488f3af8e747150dd5134e118c14
Ubuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
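Both USN-7015-5 and USN-7015-6 describe the same email-header issue: a header value that contains a line break can start a new header line (header injection) if the library does not quote or refuse it. The check below is an added example written for this page, not code from the notices or from CPython; it shows the validation an application should perform on attacker-controllable header values before handing them to the email module, and records what the modern EmailMessage API already does at assignment time. The function names (is_safe_header_value, build_message, email_module_rejects) and the sample values are this page's own, and the "Bcc:" payload is constructed for illustration.

```python
import email.message
import email.policy


def is_safe_header_value(value):
    """True if `value` can be emitted as a single header line.

    str.splitlines() is used on purpose: besides \\r and \\n it also splits on
    \\x0b, \\x0c, \\x1c-\\x1e, \\x85, \\u2028 and \\u2029, which some header
    parsers treat as line breaks. A bare "\\r in value or \\n in value" test
    would let those through. NUL is rejected as well.
    """
    if not isinstance(value, str) or "\x00" in value:
        return False
    # Comparing against [value] (rather than checking len() <= 1) also catches
    # a single trailing line break such as "Subject\n".
    return value == "" or value.splitlines() == [value]


def build_message(sender, recipient, subject, body):
    """Build a message, refusing header values that would inject a new header."""
    for name, value in (("From", sender), ("To", recipient), ("Subject", subject)):
        if not is_safe_header_value(value):
            raise ValueError(f"refusing {name}: header value contains a line break")
    msg = email.message.EmailMessage(policy=email.policy.default)
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_or_reject(sender, recipient, subject, body):
    """Return the built message, or None when a header value was rejected."""
    try:
        return build_message(sender, recipient, subject, body)
    except ValueError:
        return None


def email_module_rejects(value):
    """Does EmailMessage with the default policy refuse `value` at assignment?

    email.policy.EmailPolicy.header_store_parse raises ValueError for string
    values with more than one line (it uses str.splitlines too). The legacy
    compat32 Message does not check at assignment, so the explicit check in
    build_message is still worth having when code paths differ.
    """
    msg = email.message.EmailMessage()
    try:
        msg["Subject"] = value
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker-controlled subject: tries to add a Bcc header.
    evil_subject = "Invoice 42\r\nBcc: attacker@example.invalid"
    print(is_safe_header_value(evil_subject))          # False
    print(build_or_reject("a@example.invalid", "b@example.invalid",
                          evil_subject, "hello") is None)  # True
    print(email_module_rejects(evil_subject))           # True
```

Validate at the trust boundary, not only at send time: a value that passes is_safe_header_value can still be folded by the generator, but it can no longer introduce a header the application did not intend to send.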
08f60811c86141139bb27d0271c6dc8fb3d71d45f06454f487eabe3442ba3aa1
Ubuntu Security Notice 7104-1 - It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure.
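The notice describes a cache-keying mistake: an HSTS entry learned from sub.example.com must only create or update the entry for sub.example.com, never shorten the expiry of the entry for example.com. The model below is an added example written for this page, not curl's code. HstsCache keeps one entry per exact host and applies RFC 6797 lookup rules (exact match, or a superdomain match that asserted includeSubDomains); ParentOverwritingCache is a deliberately faulty variant that mimics the behaviour the notice describes, so the two can be compared on the same constructed scenario. Class and function names and the sample hosts and timestamps are this page's own.

```python
from dataclasses import dataclass


@dataclass
class HstsEntry:
    expires_at: float        # absolute time, seconds
    include_subdomains: bool


def parse_sts(header_value):
    """Parse a Strict-Transport-Security field value.

    Returns (max_age, include_subdomains), or None when the header is invalid
    (RFC 6797 requires max-age; a non-numeric max-age is rejected).
    """
    max_age = None
    include_sub = False
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


def _normalise(host):
    return host.lower().rstrip(".")


class HstsCache:
    """Correct behaviour: one entry per exact host; a header only touches its own host."""

    def __init__(self):
        self._entries = {}   # exact host -> HstsEntry

    def observe(self, host, header_value, now):
        parsed = parse_sts(header_value)
        if parsed is None:
            return
        max_age, include_sub = parsed
        host = _normalise(host)
        if max_age == 0:
            self._entries.pop(host, None)   # max-age=0 removes this host only
            return
        self._entries[host] = HstsEntry(now + max_age, include_sub)

    def must_use_https(self, host, now):
        labels = _normalise(host).split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            entry = self._entries.get(suffix)
            if entry is None:
                continue
            if entry.expires_at <= now:
                del self._entries[suffix]   # expired entries are forgotten
                continue
            # exact match, or a superdomain that asserted includeSubDomains
            if i == 0 or entry.include_subdomains:
                return True
        return False


class ParentOverwritingCache(HstsCache):
    """Faulty model of the behaviour in the notice (not curl's implementation):
    a subdomain's header also rewrites the expiry of an existing parent entry."""

    def observe(self, host, header_value, now):
        super().observe(host, header_value, now)
        host = _normalise(host)
        labels = host.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            if parent in self._entries and host in self._entries:
                self._entries[parent].expires_at = self._entries[host].expires_at


def scenario(cache_cls):
    """Constructed timeline: parent pinned for a year, subdomain for 60 s.
    Returns (parent_https_at_t120, subdomain_https_at_t120)."""
    cache = cache_cls()
    cache.observe("example.com", "max-age=31536000; includeSubDomains", now=0)
    cache.observe("sub.example.com", "max-age=60", now=0)
    return (cache.must_use_https("example.com", now=120),
            cache.must_use_https("sub.example.com", now=120))


if __name__ == "__main__":
    print(scenario(HstsCache))               # (True, True)
    print(scenario(ParentOverwritingCache))  # (False, False)
```

In the faulty variant the 60-second subdomain entry drags example.com's expiry down with it, so two minutes later both hosts fall back to plain HTTP; in the correct cache the parent keeps its one-year pin and, through includeSubDomains, continues to protect the subdomain after its own short entry expires.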
0f628650750691a59648b4a0228da093ce429c68aa5c949edc1146e5a110c9b2
Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
dd5f06682ca93a1fe2093e0af57570ec9766114fd67a9256775ecb3b152853a5
Red Hat Security Advisory 2024-9654-03 - An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include an HTTP request smuggling vulnerability.
14a8714878a1421638c275067af274c146cde9a20961b22b0ac264e25c73719e
Ubuntu Security Notice 7111-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.
8309e2cc82bec72641de9766c00b5b04be56b3f96d79c53bdc77264e677a87a9
TX Text Control .NET Server for ASP.NET has an issue where the configured system path used for reading and writing files on the underlying operating system could be changed, with the privileges of the user running the web application.
87daef249524395b391c7767b295ddf96c40db5d4fbd376c76c034cc5844d043
Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.
58c0bd17f1c8113660d80deb0928ae6b2fe30fb7373a788126eaeb55879ba80a
Red Hat Security Advisory 2024-9573-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8. Issues addressed include an HTTP request smuggling vulnerability.
a411110e03659ac41bbb02463e2b8c2f48e5af59d5009027810e4a45ead01796
Red Hat Security Advisory 2024-9572-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.
9f46c86dcc6ada4d635320c26267780c043507a83e6d6372534e320a3b2f9938
Red Hat Security Advisory 2024-9566-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include an HTTP request smuggling vulnerability.
1633b88577866c6c09e75bf0d0c57680a523acd883fe580880dcbd9ee578402d
Red Hat Security Advisory 2024-9559-03 - An update for libsoup is now available for Red Hat Enterprise Linux 9. Issues addressed include an HTTP request smuggling vulnerability.
5e91b95ec1e29f865f463dce837f8aa4122489bc99dd2b0d277dad092bd3790f
Red Hat Security Advisory 2024-9525-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include an HTTP request smuggling vulnerability.
ab903037a6b97cb0363e655ad1e47d609650108489b69b881587fdedab97ff76
Red Hat Security Advisory 2024-9524-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.
61ad8fd12a8476f96bfc3a6414f20fd9fbdcaf9eb70d721b5b89b5c32b3436a7
Red Hat Security Advisory 2024-9501-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include an HTTP request smuggling vulnerability.
704a72590fb25993a12f3032f36b7df590e0a78f8e66fd0644992050125ecb38
Red Hat Security Advisory 2024-9306-03 - An update for httpd is now available for Red Hat Enterprise Linux 9. Issues addressed include an HTTP response splitting vulnerability.
da861725e4de66c134975faab6f764159682f498b51f01bcb20e783c545eb285
Debian Linux Security Advisory 5805-1 - It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation.
d7113826f5a012f88420ff55af1ebd35c79c1c1fc958896fbdf57676776927d6
Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
09f18ef696e1eb6325c7311ab9bc19d836da6ca05df20f1f98f6de0e2e800b67
Debian Linux Security Advisory 5801-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.
7663ad350ea4147d8c339e47d4e4c09f18b27dab1f732df508fa0ac88122a418
Proof of concept exploit for a command injection vulnerability in CyberPanel. This vulnerability enables unauthenticated attackers to inject and execute arbitrary commands on vulnerable servers by sending crafted OPTIONS HTTP requests to /dns/getresetstatus and /ftp/getresetstatus endpoints, potentially leading to full system compromise. Versions prior to 1c0c6cb appear to be affected.
f67f580b585c400ff03b025158d51ee9a118eeef098fff7d55b85a53e5841da2
Ubuntu Security Notice 7084-2 - USN-7084-1 fixed a vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. It was discovered that urllib3 did not strip the HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
312ed9f8bb4ab24eb7a502a24a8630b8be43aedef291065858629e605d73ca8d
Ubuntu Security Notice 7084-1 - It was discovered that urllib3 did not strip the HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
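USN-7084-1 and USN-7084-2 describe the same leak: a credential-bearing header set on the original request is carried along when the server redirects to a different origin, so a third party receives it. The code below is an added example written for this page, not urllib3's implementation. It shows the redirect rule a client should apply: resolve the Location header against the current URL, compare the two origins (scheme, host and effective port), and drop Proxy-Authorization, Authorization and Cookie when they differ. Function names and the sample URLs and headers are this page's own and constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials and must not follow a redirect off-origin.
SENSITIVE_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, effective port) tuple used for the same-origin check."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def is_cross_origin(from_url, to_url):
    return origin(from_url) != origin(to_url)


def headers_for_redirect(headers, from_url, to_url):
    """Headers to send to the redirect target.

    Same origin: everything is forwarded unchanged. Different origin (including a
    change of scheme or port on the same host): credential-bearing headers are
    removed, header names compared case-insensitively.
    """
    if not is_cross_origin(from_url, to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow_redirect(from_url, location, headers):
    """Resolve a Location value (absolute or relative) and compute the headers
    for the follow-up request. Returns (target_url, headers_to_send)."""
    to_url = urljoin(from_url, location)
    return to_url, headers_for_redirect(headers, from_url, to_url)


if __name__ == "__main__":
    # Constructed request: credentials for api.example.invalid and its proxy.
    request_headers = {
        "User-Agent": "example-client/1.0",
        "Authorization": "Bearer token-for-api",
        "Proxy-Authorization": "Basic cHJveHk6c2VjcmV0",
        "Cookie": "session=abc",
    }
    start = "https://api.example.invalid/v1/report"

    # Same-origin redirect: credentials stay.
    print(follow_redirect(start, "/v2/report", request_headers))
    # Cross-origin redirect: only non-sensitive headers reach the new host.
    print(follow_redirect(start, "https://cdn.other.invalid/report", request_headers))
    # Downgrade to http on the same host is also cross-origin (port 443 -> 80).
    print(follow_redirect(start, "http://api.example.invalid/v1/report", request_headers))
```

urllib3 itself exposes this policy through the remove_headers_on_redirect argument of urllib3.util.retry.Retry; the fixed releases add Proxy-Authorization to the default set alongside Authorization and Cookie, which is the behaviour the stripped-down function above reproduces.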
29ff94c3d9e8abedc1bc6ca7386296e337966fbed2dbee657de8625b278ef2ef