CVE-2022-35928: Fixed security issue with passwords entered via a prompt · paulej/AESCrypt@6876185

AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Password lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does not affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the -p or -k command-line options. The problem was fixed in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should use the -p or -k options to provide a password or key.
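The bug class described above, as an added example that is not AES Crypt's code: one way to bound prompt input in C so that an over-long password or confirmation is rejected instead of overrunning the buffer or being silently truncated. `PW_MAX`, the function names and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PW_MAX 32   /* assumed limit for this example */

/* Read one line into buf (capacity cap, NUL included). Returns the length,
 * -1 on EOF or bad arguments, -2 if the line exceeds cap-1 characters.
 * An over-long line is consumed to its end and rejected, never truncated. */
int read_password(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c, too_long = 0;
    if (!in || !buf || cap == 0) return -1;
    while ((c = getc(in)) != EOF && c != '\n') {
        if (n + 1 < cap) buf[n++] = (char)c;  /* room for the NUL is kept */
        else too_long = 1;                    /* consume, store nothing */
    }
    buf[n] = '\0';
    if (too_long) { memset(buf, 0, cap); return -2; }
    if (c == EOF && n == 0) return -1;
    return (int)n;
}

/* Read password, then confirmation, both bounded by cap.
 * Returns the length, -3 on mismatch, or read_password's error code. */
int read_confirmed(FILE *in, char *pw, char *confirm, size_t cap)
{
    int n = read_password(in, pw, cap);
    if (n < 0) return n;
    int m = read_password(in, confirm, cap);
    if (m < 0) return m;
    return (n == m && memcmp(pw, confirm, (size_t)n) == 0) ? n : -3;
}

/* Constructed input: a temporary file stands in for the terminal. */
FILE *stream_from(const char *s)
{
    FILE *f = tmpfile();
    if (f) { fputs(s, f); rewind(f); }
    return f;
}

int main(void)
{
    char pw[PW_MAX + 1], confirm[PW_MAX + 1];
    FILE *in = stream_from("correct horse\ncorrect horse\n");
    printf("result: %d\n", read_confirmed(in, pw, confirm, sizeof pw));
    if (in) fclose(in);
    return 0;
}
```

Draining the rest of an over-long line matters at a prompt: otherwise the unread tail would be consumed as the confirmation.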


@@ -1,32 +1,57 @@ # AES Crypt (Linux source code)
The Linux source code in the git respository is intended for use with "The Autotools". This includes the following packages: autoconf; automake; and, libtool. Install these from your distro packages. The Linux source code in the git repository is intended for use with CMake or "The Autotools".

CMake build

Change to the Linux directory and issue the following commands to create a release build:
```bash cmake -B build -S . --install-prefix=/usr -DCMAKE_BUILD_TYPE:STRING=Release cmake --build build --parallel ```
The aescrypt and aescrypt_keygen binaries will be placed in the directory `build/src/` once the build completes.
If you wish to install the two binary files `aescrypt` and `aescrypt_keygen`, just run this command:
```bash cmake --install build ```
To invoke the tests to ensure everything is working properly, do the following:
```bash cd build make test ```

Using Autotools

Install these from your Linus distribution packages:
* autoconf * automake * libtool
Before you can build the software, you need to run the following command:
``` autoreconf -ivf ```bash autoreconf -ivf ```
Note that the package maintainers, when producing an official release, will run the above command and only publish the source files needed to run “configure” and "make". Official source releases can be downloaded from https://www.aescrypt.com/. from [aescrypt.com](https://www.aescrypt.com/download/).
Package maintainers can create a tarball using the following command:
```bash make dist ``` make dist ```

CMake build

mkdir build cd build cmake …/ make
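Review bot: The test step in the CMake build section (`cd build` followed by `make test`) assumes the Makefile generator, while the build and install steps beside it use the generator-independent `cmake --build build` and `cmake --install build`; suggest `ctest --test-dir build` so the instructions hold whichever generator is in use. In the Autotools section, "Install these from your Linus distribution packages" should read "Linux". The commit title refers to a fix for passwords entered via a prompt, but nothing in this README hunk mentions it; a short note on the fix would help users building from git know they need to rebuild.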
