Explore top 10 tips to secure your open-source projects now. Read More
×
Marcin Nowak discovered that dbclient(1) hostname arguments with a comma (for multihop) are passed to the shell which could result in running arbitrary shell commands locally. That could be a security issue in situations where dbclient(1) is passed untrusted hostname arguments. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4169-1
Two security vulnerabilities were discovered in Emacs: CVE-2024-53920 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5871-1
Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-c83208238d 2024-08-08 02:40:51.386017 -------------------------------------------------------------------------------- Name : opentofu Product : Fedora 40 Version : 1.8.0 Release : 1.fc40 URL : https://github.com/opentofu/opentofu Summary : OpenTofu lets you declaratively manage your cloud infrastructure Description : OpenTofu lets you declaratively manage your cloud infrastructure. -------------------------------------------------------------------------------- Update Information: Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789 -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 29 2024 Mikel Olasagasti Uranga - 1.8.0-1 - Update to 1.8.0 - Closes rhbz#2300353 * Sat Jul 27 2024 Mikel Olasagasti Uranga - 1.7.3-3 - Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789 - Closes rhbz#2294255 rhbz#2294007 rhbz#2292714 * Thu Jul 18 2024 Fedora Release Engineering - 1.7.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2292714 - CVE-2024-24789 opentofu: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292714 [ 2 ] Bug #2294007 - CVE-2024-6104 opentofu: go-retryablehttp: url might write sensitive information to log file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294007 [ 3 ] Bug #2294255 - CVE-2024-6257 opentofu: hashicorp/go-getter: Arbitrary command execution through local git config file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294255 -------------------------------------------------------------------------------- This updatecan be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c83208238d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5592-1
It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands. For the stable distribution (bullseye), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5314-1
Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs.. =========================================================================Ubuntu Security Notice USN-5511-1 July 13, 2022 git vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs. Software Description: - git: fast, scalable, distributed revision control system Details: Carlo Marcelo Arenas Belón discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator. (CVE-2022-29187) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.4 Ubuntu 21.10: git 1:2.32.0-1ubuntu1.3 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.5 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.12 In general, a standard system update will make all the necessary changes. References: CVE-2022-29187 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.4 https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.5 https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.12 . Ubuntu Security Notice USN-5512-1 addresses vulnerabilities in Samba that could lead to unauthorized access and data leakage through manipulated requests.. Ubuntu Security, Git Command Execution, Software Threats. . Severity: Critical. LinuxSecurity.com Team
Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5139-1
Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4742-1
Get the latest Linux and open source security news straight to your inbox.