Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5638-1

Debian Linux Security Advisory 5638-1 - It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.

Packet Storm
#linux#debian#ssrf
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5638-1                   [email protected]://www.debian.org/security/                     Salvatore BonaccorsoMarch 10, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libuv1CVE ID         : CVE-2024-24806Debian Bug     : 1063484It was discovered that the uv_getaddrinfo() function in libuv, anasynchronous event notification library, incorrectly truncated certainhostnames, which may result in bypass of security measures on internalAPIs or SSRF attacks.For the oldstable distribution (bullseye), this problem has been fixedin version 1.40.0-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.44.2-1+deb12u1.We recommend that you upgrade your libuv1 packages.For the detailed security status of libuv1 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libuv1Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmXtrrFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TOBw//UDY7qqzhavYjzvVxQ6ka9PGfBLJcRXhMjpwH5JxR6T0KOqCQkasoXCxmNTSzczr0zrtU4Hdtv6tb/E5QfemTpdEfMOtuuKxhQ3jrQNjnqtfDD5ouomrckxMcPtB3SsJ0e1BV97ORDEqrym39VQTIaVgxdZwXU5/mcqaboZx8uxv8XjaDURhAU1eYz5PDno6bTg/zL7bSSugTnxSPHwokv4FICxaG8rR6y6drbI7hndsx+LL+sXs426O8xDzro+deanl3i9kdXxQujhTxJA+7vUTeaCl8rLFs7kOyNxDbCVADYc+Cc0h8Z0xnv/xNDYkIMprGcUx2QgW9mwfDgKGxDVtltPwb6oIBsKzrYBF/gVUqM5aym3VquS8n+lL7+uA0ZHKMxeQRrCtHCIoDUAhjVarQPqbxIX92tftSIRHU7e8Qfmyo7PdbPs9UC4zUUwIwQ6UtRR8OWIKE8IFa+BRxL2/3KCDjDvpK60VUfanRqdF7zcvifFQMw9mqJ/s/IIY6Unhvk9/6QSKrNiaLnFBOVBZ4E4A5OU6W1KAKvixlH8bmv0XCgrlDr2fx/7+Xn8wNA86qPAd9/t6DAVzyjdlis+P6LYzAfrAguWQQS0xkDW+5OQqV3wyKvK1m9PRJK4vfmiX5kw+VclGbJM4ToaKOLbSlns/QNhHuRw2RDem0/+s==ai3N-----END PGP SIGNATURE-----

Related news

Red Hat Security Advisory 2024-8132-03

Red Hat Security Advisory 2024-8132-03 - An update for libuv is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a server-side request forgery vulnerability.

Red Hat Security Advisory 2024-4247-03

Red Hat Security Advisory 2024-4247-03 - An update for libuv is now available for Red Hat Enterprise Linux 8. Issues addressed include a server-side request forgery vulnerability.

Ubuntu Security Notice USN-6666-1

Ubuntu Security Notice 6666-1 - It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution