New Alerts for curl, NetApp, and Linux.

curl 

When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a MitM attack to go unnoticed and allows it to inject data to the client.
More info.

curl supports "chained" HTTP compression algorithms, with an unbounded number of acceptable "links" in this "decompression chain", allowing a malicious server to insert a virtually unlimited number of compression steps, resulting in an out of memory DoS.
More info.

A malicious server can serve excessive amounts of Set-Cookies headers in a HTTP response to curl and curl stores all of them, resulting in a DoS.
More info.

NetApp 

NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products. No patches yet.
More info.

Linux 

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel and other kernel modules. More info.
Ubuntu has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts