140 matches found
SUSE-SU-2026:1970-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...
Friday Squid Blogging: Jurassic Fish Chokes on Squid
Here's a fossil of a 150-million-year-old fish that choked to death on a belemnite rostrum: the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation...
EUVD-2021-22993
Malware in sbrugna...
EUVD-2020-17331
Malware in sbrugna...
EUVD-2017-8622
Malware in sbrugna...
Friday Squid Blogging: The Origin and Propagation of Squid
New research paywalled: Editor's summary: Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history. However, we know very little about their evolution because soft-bodied animals rarely fossilize. Ikegami et al. developed an...
Linux Distros Unpatched Vulnerability : CVE-2021-36377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. CVE-2021-36377 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2020-24614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in...
Linux Distros Unpatched Vulnerability : CVE-2017-17459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL wit...
Linux Distros Unpatched Vulnerability : CVE-2022-34009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fossil 2.18 on Windows allows attackers to cause a denial of service daemon crash via an XSS payload in a ticket. This occurs because the ticket data is stored ...
Squid Dominated the Oceans in the Late Cretaceous
New research: One reason the early years of squids has been such a mystery is because squids' lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks--hard mouthparts with high fossilization potential that could help the team...
CVE-2022-34009
Fossil 2.18 on Windows allows attackers to cause a denial of service daemon crash via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware...
Debian: Security Advisory (DLA-4158-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4158-1] fossil security update
Debian LTS Advisory DLA-4158-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler May 09, 2025 https://wiki.debian.org/LTS...
Debian dla-4158 : fossil - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4158 advisory. - Debian LTS Advisory DLA-4158-1 [email protected] https://www.debian.org/lts/security/...
DLA-4158-1 fossil - HTTP client fix
Bulletin has no description...
Friday Squid Blogging: New Squid Fossil
A 450-million-year-old squid fossil was dug up in upstate New York. Blog moderation policy...
Siemens Omnivise T3000 Security Vulnerability
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A code execution vulnerability exists in the Siemens Omnivise T3000 Application Server that could be exploited by a local, authenticated attacker to execute arbitrary code with elevated...
OPENSUSE-SU-2024:10479-1 fossil-1.35-1.3 on GA media
These are all security issues fixed in the fossil-1.35-1.3 package on the GA media of openSUSE Tumbleweed...
Debian: Security Advisory (DLA-3819-1)
The remote host is missing an update for the Debian...