Open Source Security Mailing List

Discussion of security flaws, concepts, and practices in the Open Source community

Latest Posts

Re: New SMTP smuggling attack Erik Auerswald (May 09)
Hi,

This section of the RFC explicitly states that any ASCII character is
allowed (see the first sentence you omitted from your quote). Any ASCII
character includes NUL. Stripping the NUL violates the standard.
This is obvious. The RFC text is clear.

The Cisco ESA has been called out in the original SMTP smuggling report
as facilitating SMTP smuggling attacks, thus it is useful as an example.
It provides an example where a side-effect of...

CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access Arnout Engelen (May 09)
Severity: important

Affected versions:

- Apache Karaf Cave or later

Description:

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all
versions of Apache Karaf Cave.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an
alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only...

[kubernetes] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs Rita Zhang (May 09)
Hello Kubernetes Community,

A security issue was discovered in azure-file-csi-driver where an actor
with access to the driver logs could observe service account tokens. These
tokens could then potentially be exchanged with external cloud providers to
access cloud resources. Tokens are only logged when TokenRequests is
configured in the CSIDriver object
<https://kubernetes-csi.github.io/docs/token-requests.html> and the driver
is set to...

Re: New SMTP smuggling attack Mark Esler (May 09)
This applies to <CRLF>.<CRLF> and RFC 5321 section 4.5.2 as well.

Postfix' CVE-2023-51764 patchset adds options to normalize (default),
note, reject, or ignore bare newlines:
```
cleanup_replace_stray_cr_lf = default:yes
smtpd_forbid_bare_newline = default:normalize
smtpd_forbid_bare_newline_exclusions = default:$mynetworks
```
(See Postfix' HISTORY file for more context.)

To get back to your question, these all have...

CVE-2024-26579: Apache Inlong JDBC Vulnerability Charles Zhang (May 09)
Severity: important

Affected versions:

- Apache InLong 1.7.0 through 1.10

Description:

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through
1.11.0, the attackers can bypass using malicious parameters.

Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it.

[1] https://github.com/apache/inlong/pull/9694

[2] ...

CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE Jacques Le Roux (May 09)
Severity: important

Affected versions:

- Apache OFBiz before 18.12.13

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue
affects Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Credit:

Qiyi Zhang (RacerZ) @secsys from Fudan (finder)

References:

https://ofbiz.apache.org/download.html...

Xen Security Advisory 457 v3 (CVE-2024-27393) - Linux/xen-netfront: Memory leak due to missing cleanup function Xen.org security team (May 08)
Xen Security Advisory CVE-2024-27393 / XSA-457
version 3

Linux/xen-netfront: Memory leak due to missing cleanup function

UPDATES IN VERSION 3
====================

CVE assigned.

ISSUE DESCRIPTION
=================

In netfront, xennet_alloc_one_rx_buffer() failed to call the
appropriate clean-up function, resulting in a memory leak.

IMPACT
======

A malicious guest userspace process can exhaust...

[security] Go 1.22.3 and Go 1.21.10 are released Alan Coopersmith (May 08)
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 announces:

Re: CVE-2024-26925: Linux: nf_tables: locking issue in the nf_tables_abort() function Salvatore Bonaccorso (May 08)
Hi,

It should be noted that this, though, has been backported to the stable series:

5.4.262, 5.10.198, 5.15.134, 6.1.56, 6.4.13

but equally the fix in

5.4.274, 5.10.215, 5.15.155, 6.1.86, 6.6.26, 6.8.5.

Regards.
Salvatore

Xen Security Advisory 457 v2 - Linux/xen-netfront: Memory leak due to missing cleanup function Xen.org security team (May 08)
Xen Security Advisory XSA-457
version 2

Linux/xen-netfront: Memory leak due to missing cleanup function

UPDATES IN VERSION 2
====================

* Clarify the XSA is in netfront and *not* netback
* Clarify the impact: only the guest may crash

ISSUE DESCRIPTION
=================

In netfront, xennet_alloc_one_rx_buffer() failed to call the
appropriate clean-up function, resulting in a...

Xen Security Advisory 457 v1 - Linux/xen-netback: Memory leak due to missing cleanup function Xen.org security team (May 07)
Xen Security Advisory XSA-457

Linux/xen-netback: Memory leak due to missing cleanup function

ISSUE DESCRIPTION
=================

In netback, xennet_alloc_one_rx_buffer() failed to call the
appropriate clean-up function, resulting in a memory leak.

IMPACT
======

A malicious guest userspace process can exhaust memory resources
within the guest kernel, potentially leading to a system crash (Denial
of Service). It is not...

Xen Security Advisory 456 v3 (CVE-2024-2201) - x86: Native Branch History Injection Xen.org security team (May 07)
Xen Security Advisory CVE-2024-2201 / XSA-456
version 3

x86: Native Branch History Injection

UPDATES IN VERSION 3
====================

Issues were found with the original code changes. See the bottom of the
Resolution section for how to obtain those.

ISSUE DESCRIPTION
=================

In August 2022, researchers at VU Amsterdam disclosed Spectre-BHB.

Spectre-BHB was discussed in...

CVE-2024-26925: Linux: nf_tables: locking issue in the nf_tables_abort() function HexRabbit Chen (May 07)
Hello,

I found a locking issue in nf_tables set element GC implementation and
exploited it in kernelCTF. The bug breaks the sequence number assumption
in set asynchronous GC, which can be used to cause double free, and
leads to local privilege escalation.

Introduced in v6.5:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=720344340fb9

Fixed in v6.9-rc3:...

GLib (2.26.0+): GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing Philip Withnall (May 07)
Hello,

A series of related security fixes for how signal subscriptions are
handled in GDBus have just landed in GLib. They have been assigned
CVE-2024-34397:

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4038 (changes
on main)
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4039 (trivial
backport to glib-2-80)
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4040 (non-
trivial backport to glib-2-78)

There is a...

Re: Buildroot: incorrect permissions on /dev/shm Peter Korsgaard (May 07)
> Ben, All,
> On 2024-05-06 12:24 +0200, Ben Hutchings via buildroot spake thusly:
>> On Thu, Apr 11, 2024 at 05:31:02PM +0200, Ben Hutchings wrote:
>> > Buildroot is a Linux distribution and system builder for embedded
>> > systems. Starting in Buildroot 2011.08, its default /etc/fstab
>> > included an entry for /dev/shm with incorrect permissions (sticky bit
>> > not set). (CWE-276)...
