The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters
Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. (CVE-2023-32762) QTextLayout buffer overflow in SVG file rendering. (CVE-2023-32763)
Possible command injection in the Backend Error Handler (CVE-2023-24805) References: - https://bugs.mageia.org/show_bug.cgi?id=31939 - https://www.openwall.com/lists/oss-security/2023/05/17/5
An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. (CVE-2023-27783) An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a
CREATE SCHEMA ... schema_element defeats protective search_path changes. (CVE-2023-2454) Row security policies disregard user ID changes after inlining. (CVE-2023-2455)
Updates python3-reportlab includes a security fix and other minor bug fixes. See references for details. References: - https://bugs.mageia.org/show_bug.cgi?id=31927
It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. (CVE-2022-47015) References: - https://bugs.mageia.org/show_bug.cgi?id=31920
Potential NULL dereference during rekeying with algorithm guessing. (CVE-2023-1667) Authorization bypass in pki_verify_data_signature. (CVE-2023-2283 References:
ReDoS (Regular Expression Denial of Service) (CVE-2023-30608) References: - https://bugs.mageia.org/show_bug.cgi?id=31913 - https://ubuntu.com/security/notices/USN-6064-1
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. (CVE-2023-2004) References: - https://bugs.mageia.org/show_bug.cgi?id=31887
cmark incorrectly handled certain inputs. Fixes quadratic complexity in handle_close_bracket "![[]()" which may lead to a denial of service (CVE-2023-22486). Noting that this also fixes a quadratic parsing issue with repeated
Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. (CVE-2023-30630) References:
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. (CVE-2022-44940) References: - https://bugs.mageia.org/show_bug.cgi?id=31880
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy. A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. (CVE-2023-25076)
HTML document may be able to render iframes with sensitive user information (CVE-2022-0108) maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32885) use-after-free vulnerability exists in WebCore::RenderLayer. This issue
Denial of service caused by handling a malicious text-form variant. (CVE-2023-24593) Denial of service caused by malicious serialised variant. (CVE-2023-25180) References:
HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279) Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT
Various security, performance, accuracy and stability issues. See referenced package announcements for details. References: - https://bugs.mageia.org/show_bug.cgi?id=30375
This kernel-linus update is based on upstream 5.15.110 and fixes atleast the following security issues: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
Browser prompts could have been obscured by popups. (CVE-2023-32205) Crash in RLBox Expat driver. (CVE-2023-32206) Potential permissions request bypass via clickjacking. (CVE-2023-32207) Content process crash due to invalid wasm code. (CVE-2023-32211) Potential spoof due to obscured address bar. (CVE-2023-32212)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
