[oss-security] fetchmail-SA-2025-01: SMTP AUTH denial of service

2025-10-03 Thread Alan Coopersmith
https://www.fetchmail.info/fetchmail-SA-2025-01.txt reports: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 fetchmail-SA-2025-01: SMTP AUTH denial of service Topics: fetchmail SMTP client can crash when authenticating Author: Matthias Andree Version:1.0 Announced:

[oss-security] malware in SoopSocks package on PyPi

2025-09-30 Thread Alan Coopersmith
/ -- -Alan Coopersmith- alan.coopersm...@oracle.com Oracle Solaris Engineering - https://blogs.oracle.com/solaris

[oss-security] SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709]

2025-09-05 Thread Alan Coopersmith
bp 0x7ffdd1591570 sp 0x7ffdd1591568 READ of size 8 at 0x503012f0 thread T0 Fix can be found here: https://sqlite.org/src/info/63595b74956a9391 Timeline Date reported: 07/15/2025 Date fixed: 07/16/2025 Date disclosed: 08/15/2025 See the above URL for Further Analysis.

[oss-security] SQLite: Integer truncation in findOrCreateAggInfoColumn [CVE-2025-6965]

2025-09-05 Thread Alan Coopersmith
rray [5] is followed by an out-of-bounds write to the same index [6], leading to memory corruption. Timeline Date reported: 2025-06-28 Date fixed: 2025-06-30 Date disclosed: 2025-08-25 [See the above URL for the code excerpt that the [...] references point to and for further analysis

[oss-security] CVE-2025-43023 in HPLIP for Use of 1024-bit DSA Key

2025-08-22 Thread Alan Coopersmith
-but-rely-on-installed-signing_key.a.patch/

Re: [oss-security] RSYNC: 6 vulnerabilities

2025-08-18 Thread Alan Coopersmith
the machine the server is running on. The researchers responsible for #1-#5 on that list have now published their writeup in https://phrack.org/issues/72/11_md#article .

Re: [oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

2025-08-16 Thread Alan Coopersmith
On 8/13/25 11:27, Alan Coopersmith wrote: https://kb.cert.org/vuls/id/767506 was published today: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack  through HTTP/2 control frames Vulnerability Note VU#767506 Original Release Date: 2025-08-13 | Last Revised:

[oss-security] HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

2025-08-13 Thread Alan Coopersmith
anks to the reporters, Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel of Tel Aviv University. This document was written by Christopher Cullen. See https://kb.cert.org/vuls/id/767506 for the latest vendor information, as it gets updated as affected implementations issu

[oss-security] CVE-2025-47906 & CVE-2025-47907 fixed in Go 1.24.6 & 1.23.12

2025-08-06 Thread Alan Coopersmith
an error. We believe this affects most database/sql drivers. Thanks to Spike Curtis from Coder for reporting this issue. This is CVE-2025-47907 and https://go.dev/issue/74831. View the release notes for more information: https://go.dev/doc/devel/release#go1.24.6

[oss-security] Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset

2025-07-28 Thread Alan Coopersmith
Forwarded Message Subject:[Security-announce][CVE-2025-8194] Tarfile infinite loop during parsing with negative member offset Date: Mon, 28 Jul 2025 18:44:01 + From: Seth Larson Reply-To: security-...@python.org To: security-annou...@python.org

[oss-security] GHSL-2025-054: Use After Free (UAF) in Poppler - CVE-2025-52886

2025-07-11 Thread Alan Coopersmith
-054 in any communication regarding this issue.

[oss-security] PHP security releases 8.4.10, 8.3.23, 8.2.29, 8.1.33

2025-07-11 Thread Alan Coopersmith
(Null byte termination in hostnames). (CVE-2025-1220) https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r

[oss-security] gnutls 3.8.10 fixes 4 CVEs

2025-07-11 Thread Alan Coopersmith
tracker as <https://gitlab.com/gnutls/gnutls/-/issues/1718>. Recommendation: To address the issue found, upgrade to GnuTLS 3.8.10 or later versions.

Re: [oss-security] 5 security issues disclosed in libxml2

2025-07-11 Thread Alan Coopersmith
On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and

[oss-security] Go 1.24.5 & 1.23.11 fix CVE-2025-4674

2025-07-08 Thread Alan Coopersmith
ase#go1.24.5 You can download binary and source distributions from the Go website: https://go.dev/dl/ To compile from source using a Git clone, update to the release with git checkout go1.24.5 and build as usual. Thanks to everyone who contributed to the releases. Cheers, Carlos and David for t

[oss-security] libssh 0.11.2 security and bugfix release

2025-06-27 Thread Alan Coopersmith
libssh is compiled with the OpenSSL backend. === Credits === Originally reported by Ronald Crane (Hackerone: tdp3kel9g) via Zippenhop LLC Patches provided by Jakub Jelen from the libssh team.

[oss-security] CPython: Multiple CVEs (1 CRITICAL, 3 HIGH, 1 MODERATE) affecting the tarfile module

2025-06-23 Thread Alan Coopersmith
It looks like the following notice never got forwarded to this list. A followup post added: There is a correction for the mitigation. The mitigation code CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, and CVE-2024-12718 is now provided in this Gist: https://gist.github.com/sethmlarson/52398e33eff

[oss-security] ClamAV 1.4.3 and 1.0.9 security patch versions published

2025-06-20 Thread Alan Coopersmith
identifying this issue.

[oss-security] 5 security issues disclosed in libxml2

2025-06-16 Thread Alan Coopersmith
curity/-/wikis/2025#libxml2-and-libxslt

[oss-security] Go 1.24.4 and Go 1.23.10 fix CVE-2025-4673, CVE-2025-0913, CVE-2025-22874

2025-06-05 Thread Alan Coopersmith
https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A/m/XDxq7uidAgAJ announces: Hello gophers, We have just released Go versions 1.24.4 and 1.23.10, minor point releases. These minor releases include 3 security fixes following the security policy: * net/http: sensitive headers not clear

[oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library

2025-06-03 Thread Alan Coopersmith
[I'm not sure how the attacker is supposed to get the victim to make a requests call using a URL the attacker controls, but that didn't stop them from getting a CVE issued for this. -alan- ] Forwarded Message Subject: [FD] CVE-2024-47081: Netrc credential leak in PSF requests

[oss-security] Samba 4.21.6 fixes CVE-2025-0620 in SMB session re-authentication

2025-06-03 Thread Alan Coopersmith
Forwarded Message Subject: [Announce] Samba 4.21.6 Available for Download Date: Tue, 3 Jun 2025 09:11:55 +0200 From: Jule Anger via samba-announce Reply-To: Jule Anger To: samba-annou...@lists.samba.org, sa...@lists.samba.org, samba-techni...@lists.samba.org Release Anno

Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort

2025-05-29 Thread Alan Coopersmith
On 5/29/25 02:46, Simon McVittie wrote: On Tue, 27 May 2025 at 14:43:44 -0700, Alan Coopersmith forwarded: The vulnerability is exploitable when: 1. A user passes the key specification in traditional format (+0.18446744073709551615R) How would an attacker trigger this? Is this only

[oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort

2025-05-27 Thread Alan Coopersmith
g back to the more verbose code from coreutils 7.1 avoids the issue. and appears to have pushed a fix & test case in: https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633

[oss-security] CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs

2025-05-23 Thread Alan Coopersmith
ostpdl.git/commit/?h=gs10.05.1&id=5b5968c306b3e35cdeec83bb15026fd74a7334de

[oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace")

2025-05-16 Thread Alan Coopersmith
Forwarded Message Subject: [Security-announce][CVE-2025-4516] Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Date: Thu, 15 May 2025 09:33:30 -0400 From: Seth Larson Reply-To: security-...@python.org To: security-annou...@py

[oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203

2025-05-09 Thread Alan Coopersmith
eport, tracked as CVE-2025-47203

[oss-security] CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

2025-05-09 Thread Alan Coopersmith
. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0

2025-05-06 Thread Alan Coopersmith
undling and unbundling tendencies in the packaging of browsers, so I am not sure how exposed anyone is. Anyway, I don't see patches for 2.11.x and 2.12.x in stable/LTS releases, and the FreeType website seems pretty quiet about this. Douglas

[oss-security] Go 1.24.3 fixes CVE-2025-22873: os: Root permits access to parent directory

2025-05-06 Thread Alan Coopersmith
clone, update to the release with git checkout go1.24.3 and build as usual. Thanks to everyone who contributed to the releases. Cheers, Cherry and Carlos for the Go team

[oss-security] CVE-2025-47153: out-of-bounds access in some 32-bit builds of Node.js

2025-05-02 Thread Alan Coopersmith
r the year 2038.]

[oss-security] CVE-2025-23016: Integer & buffer overflow in fastcgi < 2.4.5

2025-04-23 Thread Alan Coopersmith
gests both upgrading to the fixed version and "limiting potential remote access to the FastCGI socket by declaring it as a UNIX socket."

[oss-security] 3 new CVE's in old branch of GNU mailman

2025-04-21 Thread Alan Coopersmith
ation bypass flaw that allows unauthenticated attackers to create mailing lists via the /mailman/create endpoint. The issue stems from missing access controls in the create CGI script, enabling attackers to abuse the mailing system for spam, phishing, or resource exhaustion.

[oss-security] libarchive 3.7.8 fixed CVE-2024-57970, CVE-2025-1632, & CVE-2025-25724

2025-04-18 Thread Alan Coopersmith
) - tar reader: fix unchecked return value in list_item_verbose() (#2532, CVE-2025-25724) (Though 3.7.9 has since been released to fix a regression in libarchive 3.7.8 regarding GNU sparse entries.)

[oss-security] A bowlful of bugs in GNOME's libsoup

2025-04-18 Thread Alan Coopersmith
Fixed Fix: Not Fixed CVE: CVE-2025-32914 CWE: Out-of-bounds Read (CWE-125) Discovery Credit: Alon Zahavi Additional Thanks: Sovereign Tech Resilience program of the Sovereign Tech Agency libsoup is vulnerable to an out of bounds read in soup_multipart_new_from_message(

Re: [oss-security] CVE program averts swift end

2025-04-16 Thread Alan Coopersmith
ption, especially for EU folks.

[oss-security] Security audit of PHP

2025-04-12 Thread Alan Coopersmith
https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/ https://ostif.org/php-audit-complete/

[oss-security] CVE-2025-22871 : Go net/http: request smuggling through invalid chunked data

2025-04-04 Thread Alan Coopersmith
lines containing a bare LF. Thanks to Jeppe Bonde Weikop for reporting this issue. This is CVE-2025-22871 and Go issue https://go.dev/issue/71988.

[oss-security] pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946

2025-04-04 Thread Alan Coopersmith
heads/main/pgAdmin_poc.mp4 Cloud Deployment with Google Provider vulnerability POC: https://www.youtube.com/watch?v=V2WzCmRct7s&ab_channel=SYP

[oss-security] CVE-2025-3155 GNOME Yelp: Arbitrary file read by abusing ghelp scheme

2025-04-04 Thread Alan Coopersmith
help document. This notably requires the attacker to guess the filesystem path of the downloaded help document. While there are proposed patches in the bug report, none seem to have been committed to the git repo yet.

Re: [oss-security] atop: Heap corruption

2025-03-28 Thread Alan Coopersmith
Upstream now has a bug for tracking this as well: https://github.com/Atoptool/atop/issues/334

Re: [oss-security] atop: Heap corruption

2025-03-26 Thread Alan Coopersmith
but only listing the above blog and the ycombinator threads for details.

Re: [oss-security] CVE-2025-29927: Authorization Bypass in Next.js Middleware

2025-03-26 Thread Alan Coopersmith
On 3/23/25 12:14, Alan Coopersmith wrote: https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw adds: Credits: Allam Rachid (zhero;), Allam Yasser (inzo_) They have published their own writeup at: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the

[oss-security] CVE-2025-29927: Authorization Bypass in Next.js Middleware

2025-03-23 Thread Alan Coopersmith
us more proactively work with partners depending on Next.js, and other infrastructure providers, we are opening a partner mailing list. Please reach out to partn...@nextjs.org to be included. https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw adds: Credits

[oss-security] Mercurial 6.9.4 fixes CVE-2025-2361: XSS in hgweb

2025-03-21 Thread Alan Coopersmith
hope that measures like refreshing our security list should improve the situation in the future. Debian's security tracker points to this commit for further details: https://foss.heptapod.net/mercurial/mercurial-devel/-/commit/a5c72ed2929341d97b11968211c880854803f003

[oss-security] PHP security releases 8.4.5, 8.3.19, 8.2.28, 8.1.32

2025-03-15 Thread Alan Coopersmith
parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217) https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g

[oss-security] [CVE-2024-8176] Long linear chains of entities crash Expat with stack overflow due to use of unlimited recursion

2025-03-14 Thread Alan Coopersmith
On 3/15/24 09:57, Alan Coopersmith wrote: https://blog.hartwork.org/posts/expat-2-6-2-released/ (published 2024-03-13) announces the release of Expat 2.6.2, with security fixes: [...] The blog also points to the call for help maintaining libexpat in the Changelog at https://github.com

[oss-security] Go CVE-2025-22870: proxy bypass using IPv6 zone IDs

2025-03-07 Thread Alan Coopersmith
CVE-2025-22870 and Go issue https://go.dev/issue/71984.

[oss-security] GNU Emacs 30.1 released with 2 CVE fixes

2025-02-26 Thread Alan Coopersmith
ears, but has not been addressed thus far. Emacs maintainers are working on countermeasures that will hopefully make their way into future Emacs versions. This advisory is intended to help users of existing Emacs versions protect themselves. UPDATE: Mitigations are implemented in Emacs 30.

[oss-security] OpenH264 Decoding Functions Heap Overflow Vulnerability

2025-02-21 Thread Alan Coopersmith
x ideation: Philipp Hancke and Shyam Sadhwani of Meta Fix implementation: Benzheng Zhang (@BenzhengZhang) Release engineering: Benzheng Zhang (@BenzhengZhang)

[oss-security] [CVE-2024-3220] CPython: Default mimetype known files writeable on Windows

2025-02-14 Thread Alan Coopersmith
Forwarded Message Subject: [Security-announce][CVE-2024-3220] Default mimetype known files writeable on Windows Date: Fri, 14 Feb 2025 10:16:45 -0600 From: Seth Larson Reply-To: security-...@python.org To: security-annou...@python.org There is a LOW sever

[oss-security] Fwd: libtasn1-4.20.0 released [fixes CVE-2024-12133]

2025-02-06 Thread Alan Coopersmith
At the very bottom of the message below, you will find that this release includes a fix for: - Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET OF elements The CVE record is not yet published, but a writeup appears to be available at: https://gitlab.com/gnutls/libtas

[oss-security] 7-Zip Mark-of-the-Web Bypass Vulnerability on Windows platforms

2025-01-24 Thread Alan Coopersmith
apped inside "#if defined(_WIN32)".

[oss-security] Node.js EOL CVEs: CVE-2025-23087, CVE-2025-23088, CVE-2025-23089

2025-01-24 Thread Alan Coopersmith
s as vulnerable even if no existing CVE specifically says that they are. While I can understand their reasoning, I can just imagine the noise if every project started issuing CVE's for every version that reaches EOL.

Re: [oss-security] Oracle January 2025 Critical Patch Update

2025-01-23 Thread Alan Coopersmith
com/security-alerts/#OLBulletin Oracle Solaris: https://www.oracle.com/security-alerts/#SolarisThirdPartyBulletin

[oss-security] CERT/CC VU#199397 - Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)

2025-01-21 Thread Alan Coopersmith
nformation section of the note at https://kb.cert.org/vuls/id/199397 for the latest information from the various implementations.

[oss-security] Go 1.23.5 and Go 1.22.11 are released with 2 security fixes

2025-01-17 Thread Alan Coopersmith
. Cheers, Michael and Dmitri for the Go team

Re: [oss-security] RSYNC: 6 vulnerabilities

2025-01-14 Thread Alan Coopersmith
test fixes. Also many thanks to Wayne Davison for assisting with the release process as this is the first release I've done since 2002 when Wayne took over as the rsync maintainer. Andrew Tridgell rsync maintainer (again!)

[oss-security] "/bin/sh: The Biggest Unix Security Loophole" paper from 1984

2025-01-08 Thread Alan Coopersmith
fix shell injections and similar bugs. Fortunately when discussing other classes of bugs, its prediction that "it is very unlikely that UNIX will ever be immune to this kind of loophole" has not stood the test of time as well.

[oss-security] Re: GStreamer 1.24.10 stable security bug-fix release

2025-01-03 Thread Alan Coopersmith
On 12/13/24 10:26, Alan Coopersmith wrote: https://discourse.gstreamer.org/t/gstreamer-1-24-10-stable-bug-fix-release/3683 was posted on December 3, announcing: The GStreamer team is pleased to announce another bug fix release in the new stable 1.24 release series. This release

[oss-security] GStreamer 1.24.10 stable security bug-fix release

2024-12-13 Thread Alan Coopersmith
gstreamer-plugins-base, and gstreamer-plugins-good packages.

[oss-security] Fwd: [Security-announce][CVE-2024-12254] Unbounded memory buffering in SelectorSocketTransport.writelines()

2024-12-06 Thread Alan Coopersmith
Forwarded Message Subject: [Security-announce][CVE-2024-12254] Unbounded memory buffering in SelectorSocketTransport.writelines() Date: Fri, 6 Dec 2024 09:15:28 -0600 From: Seth Larson Reply-To: security-...@python.org To: security-annou...@python.org Ther

[oss-security] Fwd: wget-1.25.0 released [fixes CVE-2024-10524]

2024-11-18 Thread Alan Coopersmith
The JFrog Security Research Team has posted about this vulnerability in: https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ They say: "The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can

[oss-security] CVE-2024-52533: Buffer overflow in socks proxy code in glib < 2.82.1

2024-11-12 Thread Alan Coopersmith
ase made on Sep. 19. https://www.cve.org/CVERecord?id=CVE-2024-52533 says that NVD has assigned a CVSS score of 9.8, but https://access.redhat.com/security/cve/CVE-2024-52533 suggests a score of 7.0 instead.

Re: [oss-security] 4 recent security bugs in GNOME's libsoup

2024-11-12 Thread Alan Coopersmith
On 11/9/24 10:45, Alan Coopersmith wrote: https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home lists four security vulnerabilities reported against libsoup since June 2024, none of which have CVE id's listed as being assigned. (For those not familiar with it, libsoup is an HTTP c

[oss-security] 4 recent security bugs in GNOME's libsoup

2024-11-09 Thread Alan Coopersmith
390 is listed, but is not publicly visible yet, it has a disclosure date listed of November 19, 2024, and is marked as not yet fixed.

[oss-security] libarchive 3.7.5 released with security fixes

2024-10-10 Thread Alan Coopersmith
ons (#2160) - uu: stop processing if lines are too long (#2168) It appears Mitre has issued CVE-2024-48957 (#2149) & CVE-2024-48958 (#2148) for the issues listed above as: - rar4: fix OOB in delta and audio filter (#2148, #2149)

[oss-security] CVE-2024-8508 in Unbound DNS server prior to 1.21.1

2024-10-04 Thread Alan Coopersmith
https://nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt states: The CVE number for this vulnerability is CVE-2024-8508. A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for. == Summary Malicious upstrea

Re: [oss-security] CVE-2024-42415: Integer Overflow in GNOME libgsf

2024-10-04 Thread Alan Coopersmith
On 10/4/24 13:59, Alan Coopersmith wrote: The upstream bug report is at https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 and states the bug is "Fixed in 1.14.53" and https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0 says it fixes that issue.

[oss-security] CVE-2024-42415: Integer Overflow in GNOME libgsf

2024-10-04 Thread Alan Coopersmith
in the report at the above URL. The upstream bug report is at https://gitlab.gnome.org/GNOME/libgsf/-/issues/34 and states the bug is "Fixed in 1.14.53" and https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0 says it fixes that issue.

Re: [oss-security] CUPS printing system vulnerabilities

2024-09-26 Thread Alan Coopersmith
140c

[oss-security] Security fixes available in Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20

2024-09-07 Thread Alan Coopersmith
https://mail.python.org/archives/list/python-announce-l...@python.org/thread/N6H2D7I752UM3VZ37AVSBOC3CAGAMUX6/ announces the release of new versions of python for the 3.8 through 3.13 trains, including the following security content: gh-123678 an

[oss-security] libpcap 1.10.5 released with two security fixes

2024-09-06 Thread Alan Coopersmith
capture code, which is disabled by default.

[oss-security] Go 1.23.1 and Go 1.22.7 released with 3 security fixes

2024-09-05 Thread Alan Coopersmith
https://x.com/golang/status/1831719877121339614 announces: Go 1.23.1 and 1.22.7 are released! Security: Includes security fixes for encoding/gob, go/build/constraint, and go/parser https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc further says: We have just released Go versions

[oss-security] CPython: [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers

2024-09-03 Thread Alan Coopersmith
The CVE record currently says: Versions: affected from 0 before 3.13.0rc2 and points to https://github.com/python/cpython/issues/121285 which provides this slightly expanded description: "Today the tarfile module parsing of header values allows for backtracking when parsing header values. Head

[oss-security] CPython: CVE-2024-8088: Infinite loop when iterating over zip archive entry names

2024-08-22 Thread Alan Coopersmith
Forwarded Message Subject: [Security-announce][CVE-2024-8088] Infinite loop when iterating over zip archive entry names Date: Thu, 22 Aug 2024 13:40:20 -0500 From: Seth Larson Reply-To: security-...@python.org To: security-annou...@python.org There is a H

[oss-security] Unbound 1.21.0 released with multiple security fixes

2024-08-16 Thread Alan Coopersmith
flush*` commands. This appears to have been assigned CVE-2024-43167: https://www.cve.org/CVERecord?id=CVE-2024-43167

[oss-security] CPython CVE-2024-6923: Email header injection due to unquoted newlines

2024-08-01 Thread Alan Coopersmith
- Begin Forwarded Message - Subject:[Security-announce][CVE-2024-6923] Email header injection due to unquoted newlines Date: Thu, 1 Aug 2024 08:38:53 -0500 From: Seth Larson Reply-To: security-...@python.org To: security-annou...@python.org There is a MEDIUM severi

[oss-security] Fwd: [Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection

2024-07-29 Thread Alan Coopersmith
Forwarded Message Subject:[Security-announce] [CVE-2024-3219] Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection Date: Mon, 29 Jul 2024 16:54:59 -0500 From: Seth Larson Reply-To: security-...@python.org To: security-annou.

Re: [oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow

2024-07-26 Thread Alan Coopersmith
code, sometimes it does, sometimes it doesn't). and so the standard was written to allow both ways to be conformant. If GNU libc was willing to change that, perhaps the next version of the standard could as well.

[oss-security] GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow

2024-07-26 Thread Alan Coopersmith
r system-specific extensions: https://pubs.opengroup.org/onlinepubs/9799919799/functions/asprintf.html https://pubs.opengroup.org/onlinepubs/9799919799/functions/vasprintf.html though they are not yet part of the C standard itself.

[oss-security] GNU C Library version 2.40 released with 5 CVE fixes

2024-07-22 Thread Alan Coopersmith
can also be found at: https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=glibc-2.40

Re: [oss-security] CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems

2024-07-10 Thread Alan Coopersmith
I've requested and received many CVE's from the Red Hat CNA for security advisories issued by the X.Org Foundation - far more than "on occasion".

[oss-security] CVE-2024-3596: RADIUS/UDP vulnerable to improved MD5 collision attack

2024-07-09 Thread Alan Coopersmith

[oss-security] Kerberos 1.21.3 fixes vulnerabilities in GSS message token handling

2024-06-28 Thread Alan Coopersmith
valid memory reads by sending message tokens with invalid length fields.

[oss-security] Fwd: [Security-announce][CVE-2024-5642] Buffer over-read in SSLContext.set_npn_protocols() for Python 3.9 and earlier

2024-06-28 Thread Alan Coopersmith
Note that in versions of Python that still had NPN support, whether NPN support is built depends on which SSL library/version you build with: https://github.com/python/cpython/blob/3.9/Modules/_ssl.c#L188-L202 Forwarded Message Subject: [Security-announce][CVE-2024-5642] Buffe

[oss-security] Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor

2024-06-27 Thread Alan Coopersmith
on for frequent domain crossings (browsers, sandboxes, and even kernel/user) - plus the fact that the OS does not use it in the most frequent domain transitions by default.

[oss-security] Fwd: [siren] Reputation Farming Using Closed Github Issues / PRs

2024-06-25 Thread Alan Coopersmith
Forwarded Message Subject: [siren] Reputation Farming Using Closed Github Issues / PRs Resent-Date: Mon, 24 Jun 2024 15:29:38 -0700 Resent-From: bpurs...@linuxfoundation.org Date: Mon, 24 Jun 2024 18:29:26 -0400 From: Bennett Pursell Reply-To: si...@lists.openssf-vuln.org, b

[oss-security] Fwd: [Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges

2024-06-17 Thread Alan Coopersmith
Forwarded Message Subject:[Security-announce][CVE-2024-4032] Incorrect IPv4 and IPv6 private ranges Date: Mon, 17 Jun 2024 09:01:18 -0500 From: Seth Larson Reply-To: security-...@python.org To: security-annou...@python.org The “ipaddress” module cont

[oss-security] Fwd: [Security-announce][CVE-2024-0397] Memory race condition in ssl.SSLContext certificate store methods

2024-06-17 Thread Alan Coopersmith
Forwarded Message Subject: [Security-announce][CVE-2024-0397] Memory race condition in ssl.SSLContext certificate store methods Date: Mon, 17 Jun 2024 09:02:21 -0500 From: Seth Larson Reply-To: security-...@python.org To: security-annou...@python.org A def

[oss-security] vte 0.76.3 released with fix for CVE-2024-37535

2024-06-09 Thread Alan Coopersmith
lnerability found was in XTerm back in 2000. The CVE for the vulnerability in XTerm is CVE-2000-0476 Steps to reproduce: Open gnome-terminal Execute printf "e[4;65535;65535t" in the terminal -- -Alan Coopersmith- alan.coopersm...@oracle.com

[oss-security] PHP security releases 8.3.8, 8.2.20, and 8.1.29

2024-06-06 Thread Alan Coopersmith
. Unfortunately the related advisories don't seem to be published yet under those GHSA id's on https://github.com/php/php-src/security .

[oss-security] libarchive 3.7.4 released with 2 security fixes

2024-06-04 Thread Alan Coopersmith
that the fix is available for other platforms from the open source upstream. [1] https://infosec.exchange/@wdormann/112559605548386109

[oss-security] Go 1.22.4 and Go 1.21.11 released with 2 security fixes (CVE-2024-24789, CVE-2024-24790)

2024-06-04 Thread Alan Coopersmith
this issue. This is CVE-2024-24790 and Go issue https://go.dev/issue/67680. View the release notes for more information: https://go.dev/doc/devel/release#go1.22.4

[oss-security] Intel CPU Hardware Features and Behaviors Related to Speculative Execution

2024-05-23 Thread Alan Coopersmith
. You can find it at: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/hardware-behavior-related-to-speculative-execution.html

[oss-security] asterisk security releases 18.23.1, 20.8.1, & 21.3.1

2024-05-21 Thread Alan Coopersmith
All three releases address https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9 "res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests" "ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server." "Impact: Unauthoriz

[oss-security] CVE-2024-21823: Intel DSA and Intel IAA advisory

2024-05-15 Thread Alan Coopersmith
;) I don't know if any other open source kernels or hypervisors support this hardware yet - if so, they will presumably need to publish equivalent mitigations.

[oss-security] [security] Go 1.22.3 and Go 1.21.10 are released

2024-05-08 Thread Alan Coopersmith
rom the Go website: https://go.dev/dl/ To compile from source using a Git clone, update to the release with git checkout go1.22.3 and build as usual. Thanks to everyone who contributed to the releases. Cheers, David, Cherry, and Roland for the Go team

[oss-security] Re: CVEs issued by the Linux kernel CNA

2024-05-01 Thread Alan Coopersmith
On 2/20/24 15:30, Alan Coopersmith wrote: As recently announced [1], kernel.org is now a CNA for the Linux kernel, and today issued its first 8 CVEs, as seen in the archives of their mailing list at https://lore.kernel.org/linux-cve-announce/ . Their documentation [2] warns that we should

[oss-security] CVE-2024-27322: Deserialization vulnerability in R before 4.4.0

2024-04-29 Thread Alan Coopersmith
ced the release of R 4.4.0 but does not mention the CVE id in the list of fixes.
