Ducktail fashion week

Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. WithSecure and GridinSoft have covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies and brands projects and...

Moderate: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

[SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39

The Go Programming Language...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

[SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37

The Go Programming Language...

[SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38

The Go Programming Language...

RLSA-2023:5738 Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325...

Important: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update

An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

The vulnerability of the Go programming language-based http2 package, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s http2 package is related to an uncontrolled resource consumption by the server due to the incorrect setting of the Server.MaxConcurrentStreams parameter when processing request streams. Exploiting this vulnerability can allow a remote attacker to...

ALSA-2023:5997 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

The vulnerability of the PHP programming language interpreter arises from incorrect restrictions on XML links to external objects. This allows attackers to trigger service failures or gain unauthorized access to confidential data.

The vulnerability of the PHP programming language interpreter is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to confidential data...

Important: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

ALSA-2023:5456 Important: python3.11 security update

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fixes: python: TLS handshake bypass CVE-2023-40217 For mo...

ROS-20230929-01

Vulnerability in the URI component of the Ruby programming language, related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the...

PT-2023-36265 · Skopeo · Skopeo

Name of the Vulnerable Software and Affected Versions: skopeo affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.21. The skopeo package has been rebuilt with this security release to address the issue. There is no...

[SECURITY] Fedora 37 Update: golang-1.19.13-1.fc37

The Go Programming Language...

[SECURITY] Fedora 38 Update: golang-1.20.8-1.fc38

The Go Programming Language...