#git

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service.

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.

Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack."

Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. ### Impact An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. A TOTP token can be used multiple times to establish an authenticated session. [RFC 6238](https://www.rfc-editor.org/rfc/rfc6238) insists that an OTP must not be used more than once. > The verifier MUST NOT accept the second attempt of the OTP after the successful validation has been issued for the first OTP, which ensures one-time only use of an OTP. The OWASP Application Security Verification Standard v4.0.3 (ASVS) [reiterates this property with requirement 2.8.4](https://github.com/OWASP/ASVS/blob/v4.0.3/4.0/en/0x11-V2-Authentication.md#v28-one-time-verifier). > Verify that time-based OTP can be used only once within the validity period. It should also be noted that the validity period of an TOTP token is 2 minutes. This...

`gix-attributes` (in [`state::ValueRef`](https://github.com/Byron/gitoxide/blob/gix-attributes-v0.22.2/gix-attributes/src/state.rs#L19-L27)) unsafely creates a `&str` from a `&[u8]` containing non-UTF8 data, with the justification that so long as nothing reads the `&str` and relies on it being UTF-8 in the `&str`, there is no UB: ```rust // SAFETY: our API makes accessing that value as `str` impossible, so illformed UTF8 is never exposed as such. ``` The problem is that the non-UTF8 `str` **is** exposed to outside code: first to the `kstring` crate itself, which requires UTF-8 in its documentation and may have UB as a consequence of this, but also to `serde`, where it propagates to e.g. `serde_json`, `serde_yaml`, etc., where the same problems occur. This is not sound, and it could cause further UB down the line in these places that can view the `&str`.

A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation.

OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4.

Ubuntu Security Notice 6913-1 - Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class.

Red Hat Security Advisory 2024-4836-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features, bug fixes, and updates to patch vulnerabilities.

In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server