[SECURITY] Fedora 40 Update: jsr-305-3.0.2-15.fc40
This package contains reference implementations, test cases, and other documents for Java Specification Request 305: Annotations for Software Defect Detection...
[SECURITY] Fedora 40 Update: json_simple-1.1.1-34.fc40
JSON.simple is a simple Java toolkit for JSON. You can use JSON.simple to encode or decode JSON text. Full compliance with JSON specification (RFC4627) and reliable. Provides multiple functionalities such as encode, decode/parse and escape JSON text while keeping the library lightweight. Flexible,...
[SECURITY] Fedora 40 Update: jmock-2.12.0-16.fc40
Mock objects help you design and test the interactions between the objects in your programs. The jMock library: makes it quick and easy to define mock objects, so you don't break the rhythm of programming; lets you precisely specify the interactions between your objects, reducing the brittleness ...
[SECURITY] Fedora 40 Update: jol-0.17-5.fc40
JOL (Java Object Layout) is a tiny toolbox to analyze Java object layouts. These tools use Unsafe, JVMTI, and Serviceability Agent (SA) heavily to decode the actual object layout, footprint, and references. This makes JOL much more accurate than other tools relying on heap dumps, specification...
[SECURITY] Fedora 40 Update: javacc-7.0.13-5.fc40
Java Compiler Compiler (JavaCC) is the most popular parser generator for use with Java applications. A parser generator is a tool that reads a grammar specification and converts it to a Java program that can recognize matches to the grammar. In addition to the parser generator itself, JavaCC provid...
[SECURITY] Fedora 40 Update: ed25519-java-0.3.0-21.fc40
This is an implementation of EdDSA in Java. Structurally, it is based on the ref10 implementation in SUPERCOP (see http://ed25519.cr.yp.to/software.html). There are two internal implementations: A port of the radix-2^51 operations in ref10 - fast and constant-time, but only useful for Ed25519. A...
SUSE CVE-2024-26593
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions. According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once...
CVE-2024-23134
A maliciously crafted IGS file in tbb.dll, when parsed through Autodesk AutoCAD, can be used in a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...
Amazon Linux 2023 : runc (ALAS2023-2024-531)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-531 advisory. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty...
PKIX-SSH Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
PKIX-SSH is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack)...
Debian dla-3735 : golang-github-opencontainers-runc-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3735 advisory. Debian LTS Advisory DLA-3735-1...
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG...
PT-2024-19684 · Autodesk · Autodesk Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A maliciously crafted IGS or IGES file in tbb.dll, when parsed through Autodesk AutoCAD, can be used in a use-after-free issue. This issue, along with other issues, could lead to...
Oracle Linux 7 : runc (ELSA-2024-12148)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-12148 advisory. 1.1.12-1: Update runc to 1.1.12 (JIRA: OLDIS-30530). 1.1.10-1: Update runc to 1.1.10 (JIRA: OLDIS-30530). Tenable has extracted the preceding description block...
RHEL 8 : container-tools:rhel8 (RHSA-2024:0759)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0759 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: file descript...
RHEL 9 : runc (RHSA-2024:0755)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0755 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: runc: file...
SUSE SLES12 Security Update : runc (SUSE-SU-2024:0328-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0328-1 advisory. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...
Debian dsa-5615 : golang-github-opencontainers-runc-dev - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5615 advisory. Debian Security Advisory DSA-5615-1...
Amazon Linux AMI : runc (ALAS-2024-1911)
The version of runc installed on the remote host is prior to 1.1.11-1.1. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1911 advisory. AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under...
Amazon Linux 2 : runc (ALASECS-2024-033)
The version of runc installed on the remote host is prior to 1.1.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-033 advisory. AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under...