485 matches found
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Impact: Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors. Workarounds: Check that you are not using sensitive...
GHSA-WPR2-J6GR-PJW9 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Impact: Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors. Workarounds: Check that you are not using sensitive...
Android users targeted on Facebook and porn sites, served adware
Android users, be on your guard against adware trying to infect your device. The adware—known as MobiDash—is spreading via several channels, according to ThreatDown research. One of the characteristics that makes MobiDash stand out is that it can be added to legitimate apps without changing how t...
CVE-2024-46763 fou: Fix null-ptr-deref in GRO.
In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou_release() is called due to netns...
CVE-2024-46763
CVE-2024-46763 (Linux kernel) involves a NULL pointer dereference in fou_gro_receive() during host shutdown. The NULL pointer is sk->sk_user_data (offset 8 in struct fou), which may be NULL when udp_tunnel_sock_release() clears sk_user_data and the tunnel socket is destroyed after an RCU grace...
Updated botan2 packages fix security vulnerability
An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at mos...
MGASA-2024-0297 Updated botan2 packages fix security vulnerability
An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at mos...
GHSA-M6FV-JMCG-4JFG send vulnerable to template injection that can lead to XSS
Impact: Passing untrusted user input - even after sanitizing it - to SendStream.redirect may execute untrusted code. Patches: This issue is patched in send 0.19.0. Workarounds: Users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...
DEBIAN-CVE-2024-43826
In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events. nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running...
UBUNTU-CVE-2024-43826
In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events. nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running...
Linux kernel code issue vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in Linux kernel that stems from a failure to pass an explicit offset or count...
AZL-47344 CVE-2024-42158 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive to fix Coccinelle warnings. Replace memzero_explicit and kfree with kfree_sensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive line 1506 WARNING...
UBUNTU-CVE-2024-42158
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive to fix Coccinelle warnings. Replace memzero_explicit and kfree with kfree_sensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive line 1506 WARNING...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a warning reported by Coccinelle in the s390/pkey module when using memzero_explicit and kfree, which should ...
CVE-2024-42093
In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...
CVE-2024-42065
CVE-2024-42065 relates to the Linux kernel DRM/XE path. A NULL pointer dereference vulnerability in xe_ttm_stolen_mgr_init was fixed by adding an explicit NULL check to ensure the mgr is not NULL before use. The patch updates the function to validate the mgr reference and prevents dereferencing a...
CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init. Add an explicit check to ensure that the mgr is not NULL...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the lack of an explicit check in xe_ttm_stolen_mgr_init to ensure that the mgr is not null...
GHSA-P3F3-5CCG-83XQ dbt has an implicit override for built-in materializations from installed packages
Impact: What kind of vulnerability is it? Who is impacted? When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...