5 matches found
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235); kernel: netfilter: use-after-free in nftables when processing batch...
RLSA-2021:4593 Moderate: annobin security update
Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fixes: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced in annobin in order to facilitate...
The vulnerability of the NULL character detection function in Cisco Firepower Threat Defense’s network interface controllers, as well as in Cisco FirePOWER Services Software for ASA and Cisco Firepower Management Center’s network management software, allows attackers to bypass the configured content filters and compromise the integrity of the protected information.
The vulnerability of the NULL character detection function in Cisco Firepower Threat Defense’s microprogramming network interface cards, as well as in Cisco FirePOWER Services Software for ASA and Cisco Firepower Management Center’s network management software, stems from errors in command text...
CVE-2018-19211
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character ' in name or alias field" detection...
Weblate: CSV export filter bypass leads to formula injection.
Dear Weblate bug bounty team,

Summary
---
The new filter can be bypassed using: %0A-3+3+cmd|' /C calc'!D2.

```python
text = "%0A-3+3+cmd|' /C calc'!D2"

def csvfilterbypass():
    # The filter only inspects the first character of the cell value.
    if text and text[0] in ('=', '+', '-', '@'):
        return "'" + text
    return text
```

How can this be fixed?
---
You need to escape and detect...