#linux

Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.

Red Hat Security Advisory 2024-0670-03 - An update for runc is now available for Red Hat Enterprise Linux 9.

This is the fifth and final part of Vincent Danen’s “Patch management needs a revolution” series.Patch management needs a revolution, part 1: Surveying cybersecurity’s lineagePatch management needs a revolution, part 2: The flood of vulnerabilitiesPatch management needs a revolution, part 3: Vulnerability scores and the concept of trustPatch management needs a revolution, part 4: Sane patching is safe patching is selective patchingThere is an intersection between “compliance” and “security” but it’s wise to realize that compliance does not equal security. Compliance, when don

Debian Linux Security Advisory 5615-1 - It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was susceptible to multiple container break-outs due to an internal file descriptor leak.

This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.

Gentoo Linux Security Advisory 202402-10 - Multiple vulnerabilities have been found in NBD Tools, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.24 are affected.

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

Debian Linux Security Advisory 5614-1 - Two vulnerabilities were discovered in zbar, a library for scanning and decoding QR and bar codes, which may result in denial of service, information disclosure or potentially the execution of arbitrary code if a specially crafted code is processed.

SISQUAL WFM version 7.1.319.103 suffers from a host header injection vulnerability.

Gentoo Linux Security Advisory 202402-9 - Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark. Versions greater than or equal to 4.0.11 are affected.