K000137107 : Crypto++ vulnerability CVE-2022-48570

Security Advisory Description: Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the ... More info: https://my.f5.com/manage/s/article/K000137107?utm_source=f5support&utm_medium=RSS

Reported TorchServe Issue (CVE-2023-43654)

Publication Date: 2023/10/02 02:00 PM EDT
AWS is aware of CVE-2023-43654 and CVE-2022-1471 in PyTorch TorchServe versions 0.3.0 to 0.8.1, which use a version of the SnakeYAML v1.31 open source library. TorchServe version 0.8.2 resolves these issues. AWS recommends customers using PyTorch inference Deep Learning Containers (DLC) 1.13.1, 2.0.0, or 2.0.1 in EC2, EKS, or ECS released prior to September 11, 2023, update to TorchServe version 0.8.2. Customers using PyTorch inference Deep Learning More info: https://aws.amazon.com/security/security-bulletins/AWS-2023-009/

K000135997 : Multiple Node.js vulnerabilities

Security Advisory Description: CVE-2023-32002 The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This ... More info: https://my.f5.com/manage/s/article/K000135997?utm_source=f5support&utm_medium=RSS

Reported TorchServe Issue (CVE-2023-43654)

Publication Date: 2023/10/02 02:00 PM EDT
AWS is aware of CVE-2023-43654 in PyTorch TorchServe versions 0.3.0 to 0.8.1, which use a version of the SnakeYAML v1.31 open source library. TorchServe version 0.8.2 resolves these issues. AWS recommends customers using PyTorch inference Deep Learning Containers (DLC) 1.13.1, 2.0.0, or 2.0.1 in EC2, EKS, or ECS released prior to September 11, 2023, update to TorchServe version 0.8.2. Customers using PyTorch inference Deep Learning Containers (DLC) More info: https://aws.amazon.com/security/security-bulletins/AWS-2023-009/

K000137058 : Linux kernel vulnerability CVE-2022-4269

Security Advisory Description: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action ... More info: https://my.f5.com/manage/s/article/K000137058?utm_source=f5support&utm_medium=RSS

K34125394 : Apache HTTPD vulnerability CVE-2017-3167

Security Advisory Description: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to ... More info: https://my.f5.com/manage/s/article/K34125394?utm_source=f5support&utm_medium=RSS

Updated GPG key for signing Firefox Releases

The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to a new key shortly. The new GPG fingerprint is … The post "Updated GPG key for signing Firefox Releases" appeared first on Mozilla Security Blog. More info: https://blog.mozilla.org/security/2023/05/11/updated-gpg-key-for-signing-firefox-releases/