This week we discuss compiler warnings as build errors in the Linux kernel, plus we look at security updates for HAProxy, GNU cpio, PySAML2, mod-auth-mellon and more.
15 unique CVEs addressed
- an attacker could craft a URL that specified a particular URL via the ReturnTo parameter and this would then automatically redirect the user to that crafted URL - so could be used for phishing attacks that look more trustworthy, i.e. an attacker creates a phishing site that copies the victim site at their own domain, then sends an email to a user asking them to log in and specifies a URL to the real victim site but with the ReturnTo parameter set to their own site - a user looking at this URL will see it specifies the real site so won't be concerned - when they visit it they get automatically redirected to the phishing site - so if they don't then check the URL they will start logging into the fake phishing site and not the real one - fixed to just reject these URLs so they don't get abused by the redirect process
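The defensive check described above (only honour a return-to target that stays on the application's own origin, reject everything else) as an added example; this is not mod-auth-mellon's own code, and the origin `https://sp.example.com` is a constructed placeholder:

```python
from urllib.parse import urlsplit, urljoin


def is_safe_return_to(return_to: str, app_origin: str) -> bool:
    """Return True only if return_to keeps the browser on app_origin.

    app_origin is the application's own scheme+host, e.g. the hypothetical
    "https://sp.example.com". Absolute URLs to other hosts, protocol-relative
    "//other.host" forms, scheme changes and backslash variants are rejected,
    so a crafted ReturnTo cannot bounce the user to a phishing site.
    """
    if not return_to:
        return False
    # Some browsers treat "/\host" like "//host"; normalise before parsing.
    candidate = return_to.replace("\\", "/")
    # Resolve the value exactly as a browser would against our own origin,
    # then compare scheme and host of the result with our origin.
    resolved = urlsplit(urljoin(app_origin + "/", candidate))
    origin = urlsplit(app_origin)
    return (
        resolved.netloc != ""
        and resolved.scheme == origin.scheme
        and resolved.netloc == origin.netloc
    )


def choose_redirect(return_to: str, app_origin: str, default: str = "/") -> str:
    """Pick the post-login destination: the requested one if safe, else default."""
    return return_to if is_safe_return_to(return_to, app_origin) else default


if __name__ == "__main__":
    origin = "https://sp.example.com"  # constructed sample origin
    for value in ["/dashboard", "https://sp.example.com/app?x=1",
                  "https://evil.example/login", "//evil.example/login",
                  "/\\evil.example", "http://sp.example.com/"]:
        print(f"{value!r:40} -> {choose_redirect(value, origin)}")
```

Resolving the value with `urljoin` before comparing means relative paths are accepted while every form that would change host or scheme, including the `//host` and `/\host` tricks, falls back to the default landing page.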
COMPILE_TEST is enabled - this is used as a flag to tell the kernel to compile everything even if it is not being used, and is often used by CI systems / developers who explicitly want to compile everything and work on detecting new warnings