Update to prevent invalid fragment values from leading to a buffer overrun
Archive for September 7th, 2023
Debian: DSA-5491-1: chromium security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Python could be made to crash or leak sensitive information if it received specially crafted input.
PLIB could be made to execute arbitrary code if it opens a specially crafted TGA file.
RedHat: RHSA-2023-5019:01 Important: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Ubuntu 6352-1: Apache Shiro vulnerabilities
Several security issues were fixed in Apache Shiro.
This release fixes a heap buffer overwrite in search_brace() (CVE-2023-40305) and a heap overread in lexi().
Fedora 37: php-phpmailer6 2023-f2be748f28
Minor security note * The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages. Changes * Don’t reflect malformed DSNs in