Packet Storm

Ubuntu Security Notice 7048-1 - Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 7015-3 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quot...

Ubuntu Security Notice 7046-1 - It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix.

Red Hat Security Advisory 2024-7443-03 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes. The updated image includes security and bug fixes.

Red Hat Security Advisory 2024-7442-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2024-7441-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2024-7436-03 - The components for Red Hat OpenShift for Windows Containers 10.17.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Security Advisory 2024-7434-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Security Advisory 2024-7433-03 - An update for kpatch-patch-4_18_0-372_118_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.

Student Study Center Management System version 1.0 suffers from an ignored default credential vulnerability.