
9528 matches found

Spring Security Advisories
added 2024/11/14 12:0 a.m. | 5 views

A Bootiful Podcast: engineer, CTO, teacher, and pilot Ken Sipe

Hi, Spring fans, JVM enjoyers, and cloud natives! Have I got a treat for you today! We're going to be talking to my longtime pal Ken Sipe. groovy java kotlin go rust spring jvm...

AI score: 7.2
Exploits: 0

Tenable Nessus
added 2024/11/14 12:0 a.m. | 3 views

Fedora 41 : python-cramjam / rust-async-compression / rust-brotli / etc (2024-2096f5d14c)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-2096f5d14c advisory. Update rust-brotli-decompressor to 4.0.1, rust-brotli to 7.0.0, and rust-async-compression to 0.4.13. Patch dependent packages as needed to avoid compat...

AI score: 5.6
Exploits: 0 | References: 1

Tenable Nessus
added 2024/11/14 12:0 a.m. | 5 views

Fedora 41 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-347164df1c)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-347164df1c advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...

CVSS: 6.9 | AI score: 5.2 | EPSS: 0.00597
Exploits: 0 | References: 2

Tenable Nessus
added 2024/11/14 12:0 a.m. | 12 views

Fedora 41 : rust (2024-3534c44ef9)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3534c44ef9 advisory. Automatic update for rust-1.77.2-1.fc41. Changelog Tue Apr 9 2024 Josh Stone - 1.77.2-1 - Update to 1.77.2; Fixes RHBZ2274248 CVE-2024-24576 Tenable has...

CVSS: 10 | AI score: 8 | EPSS: 0.20342
Exploits: 10 | References: 2

OpenVAS
added 2024/11/11 12:0 a.m. | 14 views

Mageia: Security Advisory (MGASA-2024-0349)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.00815
Exploits: 0 | References: 6

Mageia
added 2024/11/09 5:17 a.m. | 18 views

Updated nspr, nss, firefox & rust packages fix security vulnerabilities

Permission leak via embed or object elements. CVE-2024-10458 Use-after-free in layout with accessibility. CVE-2024-10459 Confusing display of origin for external protocol handler prompt. CVE-2024-10460 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00815
Exploits: 0 | References: 4

vulnersOsv
added 2024/11/09 12:30 a.m. | 7 views

hotg-rune-runtime (>=0.11.0 <=0.11.3), hotg-rune-wasm3-runtime (>=0.6.0 <=0.10.0) +7 more potentially affected by CVE-2024-27529 via wasm3 (>=0.1.3 <=0.3.1)

wasm3 CARGO version =0.1.3, =0.11.0, =0.6.0, =0.7.0, =0.4.0, =0.2.0, =0.0.1, =0.16.0, =0.15.0, =0.19.0 Source cves: CVE-2024-27529 Source advisory: OSV:GHSA-FMQ6-4W57-2W3V...

CVSS: 8.4 | AI score: 5.4 | EPSS: 0.00266
Exploits: 1

Rockylinux
added 2024/11/08 3:56 p.m. | 7 views

rust-toolset:rhel8 bug fix and enhancement update

An update is available for rust, module.rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rust Toolset provides the Rust programming language compiler rustc,...

AI score: 7.2
Exploits: 0

SUSE CVE
added 2024/11/08 3:48 a.m. | 3 views

SUSE CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.0059
Exploits: 0 | References: 3

NVD
added 2024/11/07 1:15 a.m. | 16 views

CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

CVSS: 9.3 | EPSS: 0.0059
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/07 12:15 a.m. | 7 views

CVE-2024-51990 Path traversal via crafted Git repositories in jj

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

CVSS: 9.3 | AI score: 7 | EPSS: 0.0059
Exploits: 0 | References: 1

Trellix
added 2024/11/07 12:0 a.m. | 10 views

New Stealer Uses Invalid Cert To Compromise Systems

By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024. A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...

AI score: 7.2
Exploits: 0

OSV
added 2024/11/06 8:15 a.m. | 6 views

AZL-52444 CVE-2024-9681 affecting package rust for versions less than 1.72.0-10

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0197
Exploits: 1 | References: 1

Vulnrichment
added 2024/11/04 10:42 p.m. | 10 views

CVE-2024-51502 Panic Vulnerability in loona-hpack

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. loona-hpack suffers from the same vulnerability as the original hpack as documented in issue 11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has be...

CVSS: 5.1 | AI score: 6.9 | EPSS: 0.0046
Exploits: 0 | References: 3

CVE
added 2024/11/04 10:42 p.m. | 44 views

CVE-2024-51502

CVE-2024-51502 affects loona-hpack (Rust, built on io-uring) where the Decoder can be exploited by decoding untrusted input. The vulnerability is the same as in the original hpack and is mitigated by upgrading to loona release 0.4.3. Connected sources also reference a patched crate (hpack-patched...

CVSS: 5.1 | AI score: 6.5 | EPSS: 0.0046
Exploits: 0 | References: 3

OSV
added 2024/11/04 10:42 p.m. | 9 views

CVE-2024-51502 Panic Vulnerability in loona-hpack

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. loona-hpack suffers from the same vulnerability as the original hpack as documented in issue 11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has be...

CVSS: 5.1 | AI score: 6.9 | EPSS: 0.0046
Exploits: 0 | References: 5

Cvelist
added 2024/11/04 10:42 p.m. | 19 views

CVE-2024-51502 Panic Vulnerability in loona-hpack

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. loona-hpack suffers from the same vulnerability as the original hpack as documented in issue 11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has be...

CVSS: 5.1 | EPSS: 0.0046
Exploits: 0 | References: 3

OpenVAS
added 2024/11/01 12:0 a.m. | 18 views

openSUSE: Security Advisory for 389 (SUSE-SU-2024:3844-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01256
Exploits: 0 | References: 2

OpenVAS
added 2024/11/01 12:0 a.m. | 21 views

openSUSE: Security Advisory for 389 (SUSE-SU-2024:3843-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01256
Exploits: 0 | References: 2

Fedora
added 2024/10/26 3:3 a.m. | 10 views

[SECURITY] Fedora 41 Update: rust-pyo3-macros-backend-0.22.4-1.fc41

Code generation for PyO3 package...

AI score: 7.5
Exploits: 0