251 matches found
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Java (CVE-2023-22081)
Summary TSSC/IMC is vulnerable to arbitrary code execution due to Dmidecode. A patch has been provided that updates the Java library. CVE-2023-22081 Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...
AZL-79044 CVE-2024-24789 affecting package golang 1.25.7-1
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...
CLSA-2024-1713955813 Update of nss
Fix broken dependencies...
CLSA-2024-1710437080 bind: Fix of 2 CVEs
CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3 - Enable internal tests by default...
CLSA-2024-1709729100 Update of nss
Update to CKBI 2.64 from NSS 3.95 - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" - Certificate "Symantec Class 2 Public Primary Certification Authority - G6" -...
UBUNTU-CVE-2024-26308
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue...
CLSA-2024-1706697759 Fix CVE(s): CVE-2023-22081
OpenJDK 11.0.21 release, build 9. - CVE-2023-22081 - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-October/026351.html - adjust debian/pathes/exclude-broken-tests.patch...
OPENSUSE-SU-2024:0026-1 Security update for seamonkey
This update for seamonkey fixes the following issues: Update to 2.53.18.1: Update the NSS library to the latest esr 115 version for the final 2.53.18.1 release. SeaMonkey 2.53.18.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. SeaMonkey 2.53.18.1 shares...
CLSA-2023-1702573569 Fix of 5 CVEs
SECURITY UPDATE: Update to 5.7.44 to fix security issues - CVE-2023-22053, CVE-2023-22084, CVE-2023-22015, CVE-2023-22026, CVE-2023-22028 debian/patches/offroottests.patch: disable mysqlddaemon and mysqldsafe tests under root due to known issues with these tests...
CLSA-2023-1702573449 Fix of 5 CVEs
SECURITY UPDATE: Update to 5.7.44 to fix security issues - CVE-2023-22053, CVE-2023-22084, CVE-2023-22015, CVE-2023-22026, CVE-2023-22028...
CLSA-2023-1702496473 squid34: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol...
CLSA-2023-1702495907 squid34: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol...
CLSA-2023-1702495796 squid: Fix of CVE-2023-46728
CVE-2023-46728: Remove support for Gopher protocol - Enable test-suite...
CLSA-2023-1701286147 squid34: Fix of CVE-2023-46724
CVE-2023-46724: Fix validation of certificates with CN=...
CLSA-2023-1700589307 Update of zlib
Changed suffix from esu to els...
CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
PYSEC-2023-212
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...
CLSA-2023-1697464688 curl: Fix of CVE-2023-38546
CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...
CLSA-2023-1696878020 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1692293738 amanda: Fix of 2 CVEs
CVE-2022-37705: fix tar option filtering - CVE-2023-30577: introduce tar option allow list...