python3.12 security update

3.12.5-2 - Security fix for CVE-2024-8088 Resolves: RHEL-55939 3.12.5-1 - Update to 3.12.5 - Security fix for CVE-2024-6923 Resolves: RHEL-53075 3.12.4-3 - Properly propagate the optimization flags to C extensions 3.12.4-2 - Build Python with -O3 -...

Hotfix XS82ECU1075 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. Note: This hotfix is available only to customers on the Customer Success Services program. Where To Get This Hotfix Download Citrix Hypervisor 8.2 Cumulative Update 1 hotfixes from...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-39249)

Summary There is a vulnerability in Async used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Tensorflow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Tensorflow Vulnerability Details CVEID:CVE-2023-30767 DESCRIPTION: Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper...

Release Information for Veeam Backup for Microsoft Azure 7 Cumulative Patches

Requirements Please confirm that you are running version Veeam Backup for Microsoft Azure v7 build 7.0.0.467 or later before upgrading. You can find the currently installed build number Product version in the About section under Configuration | Support Information | Updates. After installing Veea...

SUSE-SU-2024:3267-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142: Updated otelhttp to version 0.46.1 bsc1228556 - Require Go 1.20 for building - Migrate from disabled to manual...

Next.js Remote Patterns Server-Side Request Forgery

Next.js framework embeds an image optimization component which is enabled by default and allows dynamic resizing when requested. This feature leverages the 'next.config.js' configuration file to ensure that the target host being requested is allowed. When misconfigured, a remote and unauthenticat...

PT-2024-34100

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when the caller supplies an iocb-ki pos value close to the filesystem upper limit, and an iterator with a count that causes an overflow of that limit, resulting in...

mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled

...

DragonRank, a Chinese-speaking SEO manipulator service provider

Key Takeaways Cisco Talos is disclosing a new threat called "DragonRank" that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization SEO rank manipulation. DragonRank exploits targets' web application services to deploy a web shell and...

NetScaler - How to Integrate NetScaler and Exchange Server when Content Switch is Involved.

How to Integrate NetScaler and Exchange Server when Content Switch is Involved...

Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management

The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence AI comes in. AI isn't just a buzzword; it'...

CVE-2024-45056

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

CVE-2024-45056

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...

ZKsync Era 安全漏洞

ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in versions of ZKsync Era prior to 1.5.3, which stems from LLVM mishandling of specific instructions during optimization, resulting in a numeric expansion error that affects contract execution on EraVM...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a weak security (CVE-2024-39689)

Summary There is a weak security in Certifi python-certifi used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to an information disclosure (CVE-2024-37891)

Summary There is an information disclosure vulnerability in urllib3 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a...

AZL-48203 CVE-2024-43904 affecting package kernel for versions less than 6.6.64.2-9

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the dcn30applyidlepoweroptimizations function. These variables were previously...