#amazon

### Impact The vulnerability [CVE-2023-49090](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj) wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. ### Patches Upgrade to [3.0.7](https://rubygems.org/gems/carrierwave/versions/3.0.7) or [2.2.6](https://rubygems.org/gems/carrierwave/versions/2.2.6). ### Workarounds Use the following monkey patch to let CarrierWave parse the Content-type by using `Marcel::MimeType.for`. ```ruby # For CarrierWave 3.x CarrierWave::SanitizedFile.class_eval do def declared_content_type @declared_content_type || if @file.respond_to?(:content_type) && @file.content_type Marcel::MimeType.for(d...

This week on the Lock and Code podcast, we speak with Carey Parker about the importance and the process of securing your home network.

By Deeba Ahmed New Dark Web Tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi, allowing cybercriminals to fake locations and evade detection. This is a post from HackRead.com Read the original post: New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location

Ubuntu Security Notice 6700-2 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

## Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 ## Description When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the [`Riverline/multipart-parser`](https://github.com/Riverline/multipart-parser/) library. The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value. Precisely, the [`mb_convert_encoding`](https://www.php.net/manual/en/function.mb-convert-encoding.php) function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value. ## Impact An attacker could send specifically crafted requests which would force the server into performing long op...

## Description: During some analysis today on npm's `node-tar` package I came across the folder creation process, Basicly if you provide node-tar with a path like this `./a/b/c/foo.txt` it would create every folder and sub-folder here a, b and c until it reaches the last folder to create `foo.txt`, In-this case I noticed that there's no validation at all on the amount of folders being created, that said we're actually able to CPU and memory consume the system running node-tar and even crash the nodejs client within few seconds of running it using a path with too many sub-folders inside ## Steps To Reproduce: You can reproduce this issue by downloading the tar file I provided in the resources and using node-tar to extract it, you should get the same behavior as the video ## Proof Of Concept: Here's a [video](https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/3i7uojw8s52psar6pg8zkdo4h9io?response-content-disposition=attachment%3B%20filename%3D%22tar-dos-poc....

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.

Ubuntu Security Notice 6702-2 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 6705-1 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice 6701-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.