#js

Red Hat Security Advisory 2024-0554-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0539-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-0538-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and null pointer vulnerabilities.

Red Hat Security Advisory 2024-0533-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-0532-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

### Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/api/certificate/certificate.go#L72 ``` func AddCert(c *gin.Context) { var json struct { Name string `json:"name"` SSLCertificatePath string `json:"ssl_certificate_path" binding:"required"` SSLCertificateKeyPath string `json:"ssl_certificate_key_path" binding:"required"` SSLCertificate string `json:"ssl_certificate"` SSLCertificateKey string `json:"ssl_certificate_key"` ChallengeMethod string `json:"challenge_method"` DnsCredentialID int `json:"dns_credential_id"` } if !api.BindAndValid(c, &json) { return } certModel := &model.Cert{ Name: json.Name, SSLCertificatePath: json.SSLCertificatePath, SSLCer...

Debian Linux Security Advisory 5609-1 - Several vulnerabilities were discovered in the Slurm Workload Manager, a cluster resource management and job scheduling system, which may result in privilege escalation, denial of service, bypass of message hash checks or opening files with an incorrect set of extended groups.

Debian Linux Security Advisory 5608-1 - A heap-based buffer overflow during tile list parsing was discovered in the AV1 video codec parser for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.

Apple Security Advisory 01-22-2024-5 - macOS Sonoma 14.3 addresses bypass and code execution vulnerabilities.