Ubuntu 4478-1: Python-RSA vulnerability
Python-RSA could be made to expose sensitive information over the network.
New F32 selinux-policy build
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://www.eclipse.org/eclipseide/2020-06/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
– New upstream version (80.0)
This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update:
* **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment.
For the full list of changes in this release, see
This is a security update for JBoss EAP Continuous Delivery 20. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927
An update for git is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.
Faidon Liambotis discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with
Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.
Security fix for CVE-2020-17507
A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.
Distributed Denial of Services (DDoS) attacks can take any website offline. Even Google and GitHub, with their immense resources, struggle to stay online during a large attack. Even worse, anyone with a few dollars can launch one. If you host websites, you and your users could be hit with a denial of service attack big enough to take sites down for hours or even days. However, the worst effects of DDoS attacks can be avoided …
The post How To Survive a DDoS Attack first appeared on cPanel Blog.
* The `readUvarint` function would run infinitely given specific input. The function now terminates if more than 10 bytes of input have been read. Fixes [issue #35](https://github.com/ulikunitz/xz/issues/35) (CVE-2020-16845).
* Supports the check-ID None and fixes “Checksum None is invalid” [issue #27](https://github.com/ulikunitz/xz/issues/27).
The Netcraft Browser Extension now offers credential leak detection for extra protection against shopping site skimmers.
With brick-and-mortar shops around the world closed due to COVID-19, consumers turned to online businesses to fulfil their shopping needs. According to Adobe’s Digital Economy Index report, US online spending in June was $73 billion, up 76% from $42 billion last year. Even with restrictions lifted, research commissioned by Visa suggests that 74% of Britons who shopped online more often during the lockdown will continue to do so.
Now more than ever it is important to protect against JavaScript skimmers. These are snippets of malicious code which criminals upload to compromised shops. Unbeknownst to the store owner or the user, they transmit entered card details directly to the criminal. Unlike scams such as phishing, which can often be avoided by a vigilant internet user, skimmers are invisible to the human eye without a tool such as the Netcraft Extension to expose them.
Netcraft currently blocks over 6,000 shopping sites which contain skimmers, and even large companies such as British Airways, Ticketmaster and Puma have fallen prey to these attacks in the past.
When you visit a shopping site, the Netcraft extension will evaluate all requests made by the web page. If a request is found to be sending credentials to a different domain, the extension will block the request to prevent your data from being stolen. A block screen will notify you about the request and provide information about the malicious behaviour that was detected. Only card number leaks are currently blocked, but other types of credentials may be enabled in future updates.
For example, if you check out using your credit card on exampleshoppingsite.com but your card details are sent to examplebadsite.com, the extension will block the request. This checking is done locally and securely in your browser – no sensitive information is sent to Netcraft.
The extension will also block pages which make requests to malicious domains that are part of JavaScript attacks.
In addition to shopping site skimmers, the Netcraft Extension also protects against other malicious JavaScript, phishing and fake shops, including those related to coronavirus. The extension is available for Chrome, Firefox, Opera and the new Microsoft Edge based on Chromium.
If you already have the Netcraft Extension installed, your browser will update it automatically.
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8619
Several security issues were fixed in Squid.
NSS could be made to expose sensitive information if it received a specially crafted input.
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
New version 3.2.6, Security fix for CVE-2020-17498
libX11 1.6.12 (CVE-2020-14363, CVE-2020-14344)
Chrony could be made to crash or expose sensitive information.
Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling (leading to cache poisoning) and denial of service when processing crafted cache digest responses messages.
USN-4446-1 introduced a regression in Squid.
An update for jenkins, jenkins-2-plugins, openshift-ansible, and python-rsa is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Firefox could be made to crash or run programs as your login if it opened a malicious website.