405 matches found
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
ALSA-2024:7262 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
proc-macro-error is unmaintained
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email. proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees. Possible...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an uncontrolled resource consumption caused by the use of regular expressions in handling invalid commits. Exploiting this vulnerability can allow a malicious actor to cause service...
UBUNTU-CVE-2024-3114
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...
GitLab 11.10 < 17.0.6 / 17.1 < 17.1.4 / 17.2 < 17.2.2 (CVE-2024-3114)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commit...
There is no real fix to the security issues recently found in GitHub and other similar software
A recently discovered security issue in GitHub and other, similar, control system products seem to fit into the classic "its a feature, not a bug" category. Security researchers last week published their findings into some research of how deleted forks in GitHub work, potentially leaving the door...
BIT-GITLAB-2024-0231 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
UBUNTU-CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2024-0231 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2022-48817
CVE-2022-48817 is a Linux kernel issue affecting the ar9331 MDIO switch under the DSA subsystem. The root cause is that mdiobus registration was done under devres and could be freed by devm_mdiobus_free() via device core shutdown, leading to a panic if the bus was still registered. The advisory e...
CVE-2024-40927
In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset...
SUSE CVE-2024-35932
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...
DEBIAN-CVE-2024-35932
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...
AZL-67691 CVE-2024-35932 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...
CVE-2024-35932
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...
UBUNTU-CVE-2024-35932
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...
CVE-2024-35932 drm/vc4: don't check if plane->state->fb == state->fb
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...