#js

### Summary `yt-dlp` does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed. ### Patches `yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions. This means some very uncommon extensions might not get downloaded; however, it will also limit the possible exploitation surface. ### Workarounds It is recommended to upgrade yt-dlp to version 2024.07.01 as soon as possible, **always** have `.%(ext)s` at the end of the output template, and make sure you trust the websites that you are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like your user directory, `system32`, or other binaries locations. For users not able to up...

Red Hat Security Advisory 2024-4212-03 - An update for golang is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-4210-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4209-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Issues addressed include a denial of service vulnerability.

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.

Red Hat Security Advisory 2024-4200-03 - An update for libreswan is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.