BuildKit Security Update Advisory (CVE-2024-23651)
Overview: An update has been made available to fix vulnerabilities in BuildKit. Users of affected versions are advised to update to the latest version. Affected Products: All versions of BuildKit 0.12.4 and earlier. Resolved Vulnerabilities: A race condition vulnerability due to a time-of-check/time-of-use (TOCTOU) issue while mounting cache volumes
Mastodon Security Update Advisory (CVE-2024-23832)
Overview: An update has been made available to fix vulnerabilities in Mastodon. Users of affected versions are advised to update to the latest version. Affected Products: Mastodon: all versions prior to 3.5.17; 4.0.x versions prior to 4.0.13; any 4.1.x version prior to 4.1.13; any 4.2.x version prior to 4.2.5
Ivanti Product Security Update Advisory (CVE-2024-21888, CVE-2024-21893)
Overview: An update has been made available to fix vulnerabilities in Ivanti’s products. Users of affected versions are advised to update to the latest version. Affected Products (CVE-2024-21888, CVE-2024-21893): Ivanti Connect Secure 9.x, 22.x versions; Ivanti Policy Secure 9.x, 22.x versions. Resolved Vulnerabilities: Privilege escalation vulnerability in Ivanti Connect
BuildKit Security Update Advisory (CVE-2024-23652, CVE-2024-23653)
Overview: An update has been made available to fix vulnerabilities in BuildKit. Users of affected versions are advised to update to the latest version. Affected Products: All versions of BuildKit 0.12.4 and earlier. Resolved Vulnerabilities: Out-of-container file removal vulnerability in the BuildKit frontend (CVE-2024-23652); Improper authorization validation vulnerability in BuildKit’s
GNU glibc Library Security Update Advisory (CVE-2023-6246)
Overview: An update has been made available to fix vulnerabilities in the GNU glibc library. Users of affected versions are advised to update to the latest version. Affected Products: Versions of the GNU glibc library from 2.36 to less than 2.39. Resolved Vulnerabilities: Heap buffer overflow vulnerability in the
Runc Package Security Update Advisory (CVE-2024-21626)
Overview: An update has been made available to fix vulnerabilities in the Runc package. Users of affected versions are advised to update to the latest version. Affected Products: All versions of Runc 1.1.11 and earlier. Resolved Vulnerabilities: Container escape vulnerability due to file descriptor leak in the runc package
FFmpeg Security Update Advisory (CVE-2024-22860, CVE-2024-22861, CVE-2024-22862)
Overview: An update has been made available to fix vulnerabilities in FFmpeg (https://ffmpeg.org/). Users of affected versions are advised to update to the latest version. Affected Products: All versions of FFmpeg below n6.1. Resolved Vulnerabilities: CVE-2024-22860, CVE-2024-22861, CVE-2024-22862: Integer overflow vulnerability in FFmpeg. Vulnerability Patches: Vulnerability patches were
ModSecurity / libModSecurity Security Update Advisory (CVE-2024-1019)
Overview: An update has been made available to fix vulnerabilities in ModSecurity / libModSecurity. Users of affected versions are advised to update to the latest version. Affected Products: ModSecurity / libModSecurity v3.0.0 through v3.0.11 and earlier. Resolved Vulnerabilities: Web application firewall (WAF) bypass vulnerability due to a crafted request
Cisco Product Security Update Advisory (CVE-2024-20253)
Overview: An update has been made available to fix vulnerabilities in Cisco Unified Communications products. Users of affected versions are advised to update to the latest version. Affected Products: Unified CM, Unified CM SME, Cisco Unified CM IM&P, Cisco Unity Connection: versions 11.5(1), 12.5(1), 14; Cisco
WordPress Product Security Update Advisory (CVE-2023-6933)
Overview: An update has been made available to fix vulnerabilities in the Better Search Replace plugin in WordPress. Users of affected versions are advised to update to the latest version. Affected Products: Versions of the Better Search Replace plugin in WordPress 1.4.4 and earlier. Resolved Vulnerabilities: Unauthenticated PHP object

