Displaying 20 results from an estimated 2000 matches similar to: "De-serialization vulnerability?"
2024 Jun 26
2
Regarding the Security Vulnerability CVE 2024 - 27322
Dear Aishwarya Priyadarshini,
Welcome to R-help! Most people here aren't affiliated with R Foundation.
On Wed, 26 Jun 2024 17:03:37 +0000
"Priya, Aishwarya via R-help" <r-help at r-project.org> wrote:
> I am reaching out to seek your guidance on addressing the security
> vulnerability CVE-2024-27322.
> To address this issue effectively, it appears that we need to
2024 Jun 26
1
Regarding the Security Vulnerability CVE 2024 - 27322
Dear R Foundation Team,
I hope this message finds you well.
I am reaching out to seek your guidance on addressing the security vulnerability CVE-2024-27322. As I understand, a security fix for this vulnerability has been available starting from v4.4.0. This issue affects all versions from 1.4.0 to 4.3.3.
During our testing phase, we encountered a challenge while attempting to upgrade to the
2024 Jun 27
1
Regarding the Security Vulnerability CVE 2024 - 27322
Hi Ivan and R - Help Team,
Thank you for your prompt response and the helpful information.
I have another query: Is there a way to patch or upgrade the existing installation to version 4.4.0, rather than having to uninstall the older version and then install the latest one? A direct upgrade or patch would greatly simplify the process and reduce downtime.
Your guidance on this matter would be
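As an added example that is not part of this thread and not R Foundation code: a POSIX shell check that takes the range stated in the first message above (1.4.0 through 4.3.3 affected, fixed in 4.4.0) and classifies an R version string, so a fleet can be triaged before deciding on the upgrade path asked about in the second message. The function names and the `installed_r_version` helper are my own. A distribution build that backports the fix keeps its old version number, so "affected" here means "check the package changelog", not proof of exposure.

```shell
#!/bin/sh
# Added example, not code from the thread or from R itself.
# Range per the thread: CVE-2024-27322 affects R 1.4.0 through 4.3.3,
# fixed in 4.4.0. Distro builds that backport the fix keep the old
# version string, so treat "affected" as a prompt to check the package
# changelog, not as proof of exposure.

# Map "major.minor.patch" to one integer so ranges compare numerically
# (4.3.3 -> 4003003). Missing components count as 0.
version_key() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Print "affected" or "not-affected" for a version string.
r_cve_2024_27322_status() {
    key=$(version_key "$1")
    if [ "$key" -ge "$(version_key 1.4.0)" ] && [ "$key" -le "$(version_key 4.3.3)" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Version of the R on PATH (parsed from the first line of `R --version`),
# or nothing if R is not installed.
installed_r_version() {
    command -v R >/dev/null 2>&1 || return 0
    R --version 2>/dev/null | sed -n 's/^R version \([0-9][0-9.]*\) .*/\1/p' | head -n 1
}

# Report on the R found on PATH, e.g. "R 4.3.3: affected".
report_installed_r() {
    v=$(installed_r_version)
    [ -n "$v" ] || { echo "R not found on PATH"; return 0; }
    echo "R $v: $(r_cve_2024_27322_status "$v")"
}
```

`report_installed_r` is the entry point on a host; `r_cve_2024_27322_status 4.3.3` is the form to use when feeding version strings collected from an inventory. Only the `R version X.Y.Z` prefix of `R --version` is parsed, so the build date and nickname on that line do not matter.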
2024 Apr 30
1
Patches for CVE-2024-27322
Dear R-core,
I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We
updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem
there. However, F38 and F39 will stay at v4.3.3, and I was wondering if
there's a specific patch available, or if you could point me to the commits
that fixed the issue, so that we can cherry-pick them for F38 and F39.
Thanks.
2024 Apr 30
1
Patches for CVE-2024-27322
svn diff -c 86235 ~/r-devel/R
(or 86238 for the port to the release branch) should be easily backported.
(CC Luke in case there is more to it)
- pd
> On 30 Apr 2024, at 11:28 , Iñaki Ucar <iucar at fedoraproject.org> wrote:
>
> Dear R-core,
>
> I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We
> updated R to v4.4.0 in Fedora rawhide, F40,
2024 Apr 30
1
Patches for CVE-2024-27322
On 30 April 2024 at 11:59, peter dalgaard wrote:
| svn diff -c 86235 ~/r-devel/R
Which is also available as
https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7
Dirk
| (or 86238 for the port to the release branch) should be easily backported.
|
| (CC Luke in case there is more to it)
|
| - pd
|
| > On 30 Apr 2024, at 11:28 , Iñaki Ucar <iucar at
2024 Apr 30
1
Patches for CVE-2024-27322
Many thanks both. I'll wait for Luke's confirmation to trigger the update
with the backported fix.
Iñaki
On Tue, 30 Apr 2024 at 12:42, Dirk Eddelbuettel <edd at debian.org> wrote:
>
> On 30 April 2024 at 11:59, peter dalgaard wrote:
> | svn diff -c 86235 ~/r-devel/R
>
> Which is also available as
>
>
2024 May 13
1
[External] R hang/bug with circular references and promises
On Mon, 13 May 2024 09:54:27 -0500 (CDT)
luke-tierney--- via R-devel <r-devel at r-project.org> wrote:
> Looks like I added that warning 22 years ago, so that should be enough
> notice :-). I'll look into removing it now.
Dear Luke,
I've got a somewhat niche use case: as a way of protecting myself
against rogue *.rds files and vulnerabilities in the C code, I've been
2024 May 13
1
[External] R hang/bug with circular references and promises
On Sat, 11 May 2024, Peter Langfelder wrote:
> On Sat, May 11, 2024 at 9:34 AM luke-tierney--- via R-devel
> <r-devel at r-project.org> wrote:
>>
>> On Sat, 11 May 2024, Travers Ching wrote:
>>
>>> The following code snippet causes R to hang. This example might be a
>>> bit contrived as I was experimenting and trying to understand
>>>
2014 Nov 14
6
[Bug 10936] New: Rsync path hijacking attack vulnerability
https://bugzilla.samba.org/show_bug.cgi?id=10936
Bug ID: 10936
Summary: Rsync path hijacking attack vulnerability
Product: rsync
Version: 3.1.1
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: core
Assignee: wayned at samba.org
2013 Nov 06
0
CESA-2013:X012 Xen4CentOS Medium kernel Security Update
CentOS Errata and Security Advisory 2013:X012 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
2eb1022ec7ec2d508248c9c152e253aa72acfa08a155701d2791b1458766590a e1000e-2.5.4-3.4.68.2.el6.centos.alt.x86_64.rpm
2013 Nov 07
0
CentOS-announce Digest, Vol 105, Issue 5
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When
2014 Oct 01
0
CESA-2014:X011 Moderate kernel Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X011 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
0ca23e081ddc488aa22b357fd2ad46b26526424f4613f5af7254bcbdcbcf1474 e1000e-2.5.4-3.10.55.2.el6.centos.alt.x86_64.rpm
2014 Jun 16
0
CESA-2014:X009 Important: Xen4CentOS kernel Security Update
CentOS Errata and Security Advisory 2014:X009 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
b46a8cc4391424f463aec8e81e716152357426ae3601857b2661bc5a1257f9b3 e1000e-2.5.4-3.10.43.2.el6.centos.alt.x86_64.rpm
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Hi Team,
Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
Arjit Kumar
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Thanks for the analysis of second bug.
Please also share CVSSv3 score for first bug.
Arjit Kumar
On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:
> > Hi Team,
> >
> > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
>
> They are not unpublished:
2016 Jun 24
1
UDP Constant IP Identification Field Fingerprinting Vulnerability
We received a notice from our pci-dss auditors respecting this:
CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps the
IP Identification field at 0 for all non-fragmented packets, which
could allow remote attackers to determine that a target system is
running Linux.
The NVD entry for which contains this note:
CHANGE> [Cox changed vote from REVIEWING to NOOP]
Cox> So I
2014 Jan 30
2
CVE-2014-1692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692
The NIST advisory says that all versions of OpenSSH potentially contain the flaw. But is that really true? For example, I looked at the 3.8.1p1 distribution and didn't find any reference to JPAKE at all.
Thanks.
2013 Dec 28
0
CESA-2013:X018 Important Xen4CentOS kernel Security Update
CentOS Errata and Security Advisory 2013:X018 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-----------------------------
X86_64
-----------------------------
2ac8f3b6799eac04c6fc5fe054a68d00bdf914f173087a7802c9bce8b4366e48 e1000e-2.5.4-3.10.25.2.el6.centos.alt.x86_64.rpm
2017 May 26
0
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:
> Hi Team,
>
> Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
They are not unpublished:
https://www.samba.org/samba/security/CVE-2017-2619.html
https://www.samba.org/samba/security/CVE-2017-7494.html
For this second bug, I did some work on CVSS scores:
I've had a go at a CVSSv3 score for the