similar to: Severity of unpublished CVE-2017-2619 and CVE-2017-7494

Thanks for the analysis of second bug. Please also share CVSSv3 score for first bug. Arjit Kumar On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > > Hi Team, > > > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. > > They are not unpublished:

On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > Hi Team, > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. They are not unpublished: https://www.samba.org/samba/security/CVE-2017-2619.html https://www.samba.org/samba/security/CVE-2017-7494.html For this second bug, I did some work on CVSS scores: I've had a go at a CVSSv3 score for the

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692 The NIST advisory says that all versions of OpenSSH potentially contain the flaw. ?But is that really true? ?For example, I looked at the 3.8.1p1 distribution and didn't find any reference to JPAKE at all. Thanks.

Hi All, Actually I am working with the OpenSSH version 6.2p which is vulnerable to above mentioned vulnerabilities. So am looking for some help how I can fix these vulnerabilities in my version. I need to fix it in the OpenSSH code. Regards Abhishek

Dear R-core, I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem there. However, F38 and F39 will stay at v4.3.3, and I was wondering if there's a specific patch available, or if you could point me to the commits that fixed the issue, so that we can cherry-pick them for F38 and F39. Thanks.

svn diff -c 86235 ~/r-devel/R (or 86238 for the port to the release branch) should be easily backported. (CC Luke in case there is more to it) - pd > On 30 Apr 2024, at 11:28 , I?aki Ucar <iucar at fedoraproject.org> wrote: > > Dear R-core, > > I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We > updated R to v4.4.0 in Fedora rawhide, F40,

On 30 April 2024 at 11:59, peter dalgaard wrote: | svn diff -c 86235 ~/r-devel/R Which is also available as https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7 Dirk | (or 86238 for the port to the release branch) should be easily backported. | | (CC Luke in case there is more to it) | | - pd | | > On 30 Apr 2024, at 11:28 , I?aki Ucar <iucar at

Many thanks both. I'll wait for Luke's confirmation to trigger the update with the backported fix. I?aki On Tue, 30 Apr 2024 at 12:42, Dirk Eddelbuettel <edd at debian.org> wrote: > > On 30 April 2024 at 11:59, peter dalgaard wrote: > | svn diff -c 86235 ~/r-devel/R > > Which is also available as > >

Hi, I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # SSH Terrapin Prefix Truncation

You might find RedHat's CVE page on this useful: https://access.redhat.com/security/cve/cve-2023-48795 On Tue, Jan 23, 2024 at 10:04?AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote: > Hi, > > I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise > Linux release 8.7 (Ootpa). The details are as follows. > > # rpm -qa | grep openssh >

Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael

Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael

Hi I am wondering if this has made it into any updates? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4645 thanks

All, There seems to be a hullaboo about a vulnerability in R when deserializing untrusted data: https://hiddenlayer.com/research/r-bitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-27322 https://www.kb.cert.org/vuls/id/238194 Apparently a fix was made for R 4.4.0, but I see no mention of it in the changes report: https://cloud.r-project.org/bin/windows/base/NEWS.R-4.4.0.html

I have created a routed virtual network. From within the routed net, DNS requests to the dnsmasq interface virbr2 work fine. On the libvirt host, DNS requests to the dnsmasq interface virbr2 work fine. I would like to allow external hosts, on the same network as the libvirt host, to query the dnsmasq interface. However external DNS queries to the virbr2 interface time out. The iptables firewall

hi all, i haven't seen any discussion here of this issue, nor do i see any obviously related (open) bugs in bugzilla. It's not clear to me from the CVE how important this issue is or isn't, but i'm a bit concerned. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4091 thanks as always to wayne & the other contributors

I reboot when I yum update to a new kernel or systemd, which seems to come out about once a month. Should I do it for this week's glibc? Is that "core" enough to justify a reboot or should I wait for the next kernel update? I know the glibc update was mainly to handle the new Japanese calendar, so that shouldn't affect my usage. So my question is more about how shared

On 10/30/20 4:51 PM, Pawel Winogrodzki wrote: > Hello, > > We are currently trying to apply a patch to our 8.0p1 version of OpenSSH for CVE-2020-14145<https://nvd.nist.gov/vuln/detail/CVE-2020-14145>. The "patch" tag from NIST's web page links to the 8.3p1 vs 8.4p1 comparison<https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1> on GitHub. Is

Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security upgrades on top of my existing CentOS? # cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) Thanks for the help. -- Thanks & Regards, Venkateswara Rao Dokku.

We are sorry to report that we have a bug in dovecot, which merits a CVE. See details below. If you haven't configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc Important vulnerability in Dovecot