Several vulnerabilites are fixed in Asterisk, an Open Source PBX and telephony toolkit. CVE-2019-13161 Continue Reading — Debian LTS: DLA-2017-1: asterisk security update>
Unix, Linux, DevOps , Cloud computing and BigData Knowledge-Base
The updated packages fix a security vulnerability: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-201… Continue Reading — Mageia 2019-0352: glib2.0 security update>
Updated httpie packages fix security vulnerability: HTTPie is vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted U… Continue Reading — Mageia 2019-0351:...
Updated python-sqlalchemy packages fix security vulnerabilities: SQL Injection via the order_by parameter (CVE-2019-7164). SQL Injection via the group_by parameter (CVE-2019-7548). Continue Reading — Mageia 2019-0350: python-sqlalchemy security update>
Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, al… Continue Reading — Mageia 2019-0349: glibc security update>