570 matches found
Fedora 38 : rust (2023-6f2c7aa713)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6f2c7aa713 advisory. Security fix for CVE-2023-38497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
EulerOS 2.0 SP9 : cups (EulerOS-SA-2023-2607)
According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacke...
CVE-2023-38497
CVE-2023-38497 concerns Cargo and Rust: older Cargo (pre-0.72.2) bundled with Rust pre-1.71.1 did not respect the umask when extracting crate archives, so a local user could alter source code being compiled and executed by the current user, an impact resembling local privilege escalation. The issue is m...
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
CVE-2023-38497 Cargo not respecting umask when extracting crate archives
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
Ubuntu: Security Advisory (USN-6275-1)
The remote host is missing an update for the...
GHSA-J3XP-WFR4-HX87 Cargo not respecting umask when extracting crate archives
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...
Cargo not respecting umask when extracting crate archives
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
Cargo security breach
Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in versions of Cargo prior to 0.72.2, which stems from the fact that on UNIX-like systems, Cargo does not take into account the umask setting when extracting crate archives...
Fedora: Security Advisory for kitty (FEDORA-2023-3746647cc3)
The remote host is missing an update for the...
Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2023-235)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-235 advisory. A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately befor...
Fedora 37 : cups (2023-9dbd5b28d4)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9dbd5b28d4 advisory. 2218124 - The command cancel -x does not remove job files; 2218123 - Delays printing to lpd when reserved ports are exhausted; Security fix for...
Debian dla-3476 : cups - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3476 advisory. Debian LTS Advisory DLA-3476-1 https://www.debian.org/lts/security/...
CVE-2023-34241
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...
CVE-2023-34241
CVE-2023-34241 (CUPS) affects OpenPrinting CUPS prior to 2.4.6. A use-after-free occurs in cupsdAcceptClient when logging data after a connection closes due to the function httpClose(con->http) freeing the pointer; cupsdLogClient then passes that freed pointer to httpGetHostname. This can happ...
CVE-2023-34241 CUPS vulnerable to use-after-free in cupsdAcceptClient()
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...
CVE-2023-34241 CUPS vulnerable to use-after-free in cupsdAcceptClient()
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...
The vulnerability of the `peek_for_as4_capability` function in the software for implementing network routing on Unix-like systems allows a hacker to cause a service failure.
The vulnerability of the `peek_for_as4_capability` function in the software for implementing network routing on Unix-like systems is related to deficiencies in the use of the assert function. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Fedora: Security Advisory for kitty (FEDORA-2023-a354113801)
The remote host is missing an update for the...