
3357 matches found

Slackware Linux
added 2022/05/26 6:32 p.m. | 34 views

[slackware-security] cups

New cups packages are available for Slackware 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.2-i586-1slack15.0.txz: Upgraded. Fixed certificate strings comparison for Local authorization. For more information, se...

CVSS 7.2 | AI score 0.6 | EPSS 0.00579
Exploits: 0
Github Security Blog
added 2022/05/24 7:12 p.m. | 42 views

Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...

CVSS 7.4 | AI score 7.8 | EPSS 0.50445
Exploits: 0 | References: 32 | Affected Software: 1
OSV
added 2022/05/24 7:12 p.m. | 37 views

GHSA-Q9WJ-F4QW-6VFJ Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...

CVSS 7.4 | AI score 7.9 | EPSS 0.50445
Exploits: 0 | References: 31
Veracode
added 2022/05/24 6:21 a.m. | 34 views

OS Command Injection

maven-shared-utils is vulnerable to OS command injection. The vulnerability exists due to the use of double-quoted strings without proper escaping which allows an attacker to execute shell commands...

CVSS 9.8 | AI score 9.5 | EPSS 0.04031
Exploits: 0 | References: 8 | Affected Software: 2
RedhatCVE
added 2022/05/20 11:13 p.m. | 34 views

CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

CVSS 5.9 | AI score 2.7 | EPSS 0.01601
Exploits: 0 | References: 1
CNNVD
added 2022/05/17 12:00 a.m. | 31 views

Canonical Apport security feature issue vulnerability

Canonical Apport is a toolkit from Canonical UK that collects and provides feedback on error message information that the operating system considers useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from not filtering D-Bus...

CVSS 7.1 | AI score 7.2 | EPSS 0.00207
Exploits: 0 | References: 7
Redos
added 2022/05/16 12:00 a.m. | 16 views

ROS-20220516-10

A vulnerability in the evdev_log_msg function of the libinput library's implementation of the X.Org and Wayland display server protocols is related to the use of uncontrolled format strings. Exploitation of the vulnerability could allow ...

CVSS 7.8 | AI score 8.3 | EPSS 0.00364
Exploits: 0
Github Security Blog
added 2022/05/14 3:45 a.m. | 19 views

CSRF vulnerability in Jenkins Translation Assistance plugin

Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator...

CVSS 8.8 | AI score 6.7 | EPSS 0.00848
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/05/14 3:45 a.m. | 11 views

GHSA-PWVJ-6PHX-QV8C CSRF vulnerability in Jenkins Translation Assistance plugin

Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator...

CVSS 8.8 | AI score 8.6 | EPSS 0.00848
Exploits: 0 | References: 3
Github Security Blog
added 2022/05/13 1:41 a.m. | 21 views

fs-git command injection vulnerability

fs-git is a file system like API for git repositories. The fs-git version 1.0.1 module relies on child_process.exec; however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

CVSS 7.8 | AI score 7.4 | EPSS 0.00774
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/05/13 1:41 a.m. | 0 views

GHSA-WP3J-GV53-4PG8 fs-git command injection vulnerability

fs-git is a file system like API for git repositories. The fs-git version 1.0.1 module relies on child_process.exec; however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

CVSS 7.8 | AI score 5.9 | EPSS 0.00774
Exploits: 0 | References: 3
OSV
added 2022/05/13 1:11 a.m. | 0 views

GHSA-8VHQ-QQ4P-GRQ3 OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

CVSS 9.8 | AI score 6.9 | EPSS 0.06543
Exploits: 0 | References: 17
OSV
added 2022/05/11 11:03 a.m. | 2 views

OESA-2022-1635 ncurses security update

The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0 (SVr4), and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr...

CVSS 7.1 | AI score 6.9 | EPSS 0.01297
Exploits: 1 | References: 2
NVD
added 2022/05/11 8:15 a.m. | 20 views

CVE-2022-26116

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

CVSS 8.8 | EPSS 0.00761
Exploits: 0 | References: 1
Fedora
added 2022/05/07 5:06 a.m. | 19 views

[SECURITY] Fedora 36 Update: golang-contrib-opencensus-resource-0.1.2-6.fc36

Go packages for auto discovery of resource information in various environments. The resourcekeys package defines well-known type and label key strings that are used by the other packages...

CVSS 7.5 | AI score 9.2 | EPSS 0.03931
Exploits: 0
Tenable Nessus
added 2022/05/06 12:00 a.m. | 35 views

Nessus Network Monitor < 6.0.0 Multiple Vulnerabilities (TNS-2022-02)

The version of Nessus Network Monitor (NNM) installed on the remote host is prior to 6.0.0. It is, therefore, affected by multiple vulnerabilities: - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holdin...

CVSS 9.8 | AI score 7.3 | EPSS 0.87816
Exploits: 1 | References: 3
ATTACKERKB
added 2022/05/04 2:15 p.m. | 0 views

CVE-2022-25787

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7...

CVSS 7.5 | AI score 6.7 | EPSS 0.00232
Exploits: 0 | References: 2
OSV
added 2022/05/04 2:15 p.m. | 2 views

CVE-2022-25787

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7...

CVSS 6.7 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2022/05/04 2:15 p.m. | 14 views

CVE-2022-25787

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7...

CVSS 7.5 | EPSS 0.00232
Exploits: 0 | References: 1
CVE
added 2022/05/04 1:58 p.m. | 735 views

CVE-2022-25787

The CVE concerns Secomea GateManager, specifically its LMM API: Information Exposure Through Query Strings in GET requests can leak information via the GATE LMM API, allowing a local attacker (or an admin) to hijack connections. Affected are all GateManager versions prior to 9.7. The root cause i...

CVSS 7.5 | AI score 6.6 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1