Fabian Vogt reported that the PAM module in oath-toolkit, a collection of components to build one-time password authentication systems, does not safely perform file operations in users’ home directories when using the usersfile feature (allowing to place the OTP state in the home
Archive for October, 2024
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
PHP version 8.2.24 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable
Fix CVE-2024-9014.
Several security issues were fixed in ImageMagick.
A system authentication measure could be bypassed.
unzip could be made to crash or run programs as your login if it opened a specially crafted file.
Several security issues were fixed in the Linux kernel.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
New upstream builds (131.0)
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_redirect directive or incorrect logging.
A protocol flaw was fixed in AsyncSSH.
PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable
Update to new upstream version (closes rhbz#2237124)
PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable
Several security issues were fixed in Devise-Two-Factor.
cups-filters could be made to run programs if it received specially crafted network traffic.
Several security issues were fixed in PHP.
WordPress 6.7 Beta 1
WordPress 6.7 Beta 1 is now ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 1 on a test server and site.