CVE-2020-23621

Read Time:12 Second

The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.

Read More

CVE-2020-23620

Read Time:12 Second

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.

Read More

CVE-2020-23618

Read Time:9 Second

A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page.

Read More

CVE-2020-23617

Read Time:9 Second

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.

Read More

libopenmpt-0.6.3-1.el7

Read Time:1 Minute, 5 Second

FEDORA-EPEL-2022-4b9c772ddc

Packages in this update:

libopenmpt-0.6.3-1.el7

Update description:

libopenmpt 0.6.3 (2022-04-24)

Pitch / Pan Separation and Random Variation instrument properties were not resetting properly when seeking, potentially causing instruments to be played e.g. at a vastly different pan position compared to playing the module continuously.
MED: Stereo samples were not imported correctly.
zlib: Update to v1.2.12 (2022-03-27).

libopenmpt 0.6.2 (2022-03-13)

[Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076)
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079)
ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters.
MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
Correctly apply ST3-style effect memory when seeking in S3M files.
Command S (S3M / IT style) effect memory was not applied when seeking.
Initial channel mute status was not reported correctly in get_channel_mute_status since libopenmpt 0.6.0.
FLAC: Update to v1.3.4 (2022-02-21).
pugixml: Update to v1.12.1 (2022-02-16).

Read More

libopenmpt-0.6.3-1.el9

Read Time:1 Minute, 5 Second

FEDORA-EPEL-2022-5d0edca089

Packages in this update:

libopenmpt-0.6.3-1.el9

Update description:

libopenmpt 0.6.3 (2022-04-24)

Pitch / Pan Separation and Random Variation instrument properties were not resetting properly when seeking, potentially causing instruments to be played e.g. at a vastly different pan position compared to playing the module continuously.
MED: Stereo samples were not imported correctly.
zlib: Update to v1.2.12 (2022-03-27).

libopenmpt 0.6.2 (2022-03-13)

[Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076)
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079)
ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters.
MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
Correctly apply ST3-style effect memory when seeking in S3M files.
Command S (S3M / IT style) effect memory was not applied when seeking.
Initial channel mute status was not reported correctly in get_channel_mute_status since libopenmpt 0.6.0.
FLAC: Update to v1.3.4 (2022-02-21).
pugixml: Update to v1.12.1 (2022-02-16).

Read More

libopenmpt-0.6.3-1.el8

Read Time:1 Minute, 5 Second

FEDORA-EPEL-2022-1709e5c07f

Packages in this update:

libopenmpt-0.6.3-1.el8

Update description:

libopenmpt 0.6.3 (2022-04-24)

Pitch / Pan Separation and Random Variation instrument properties were not resetting properly when seeking, potentially causing instruments to be played e.g. at a vastly different pan position compared to playing the module continuously.
MED: Stereo samples were not imported correctly.
zlib: Update to v1.2.12 (2022-03-27).

libopenmpt 0.6.2 (2022-03-13)

[Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076)
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079)
ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters.
MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
Correctly apply ST3-style effect memory when seeking in S3M files.
Command S (S3M / IT style) effect memory was not applied when seeking.
Initial channel mute status was not reported correctly in get_channel_mute_status since libopenmpt 0.6.0.
FLAC: Update to v1.3.4 (2022-02-21).
pugixml: Update to v1.12.1 (2022-02-16).

Read More

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Read Time:3 Minute, 41 Second

Image: Proxima Studios, via Shutterstock.

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies.

Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businessmen in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.

Khabarov told Russian media outlets that under the proposal people with IT skills at these facilities would labor only in IT-related roles, but would not be limited to working with companies in their own region.

“We are approached with this initiative in a number of territories, in a number of subjects by entrepreneurs who work in this area,” Khabarov told Russian state media organization TASS. “We are only at the initial stage. If this is in demand, and this is most likely in demand, we think that we will not force specialists in this field to work in some other industries.”

According to Russian media site Lenta.ru, since March 21 nearly 95,000 vacancies in IT have remained unfilled in Russia. Lenta says the number unfilled job slots actually shrank 25 percent from the previous month, officially because “many Russian companies are currently reviewing their plans and budgets, and some projects have been postponed.” The story fails to even mention the recent economic sanctions that are currently affecting many Russian companies thanks to Russia’s invasion of Ukraine in late February.

The Russian Association for Electronic Communications (RAEC) estimated recently that between 70,000 and 100,000 people will leave Russia as part of the second wave of emigration of IT specialists from Russia. “The study also notes that the number of IT people who want to leave Russia is growing. Experts consider the USA, Germany, Georgia, Cyprus and Canada to be the most attractive countries for moving,” Lenta reported of the RAEC survey.

It’s not clear how many “IT specialists” are currently serving prison time in Russia, or precisely what that might mean in terms of an inmate’s IT skills and knowledge. According to the BCC, about half of the world’s prison population is held in the United States, Russia or China. The BCC says Russia currently houses nearly 875,000 inmates, or about 615 inmates for every 100,000 citizens. The United States has an even higher incarceration rate (737/100,000), but also a far larger total prison population of nearly 2.2 million.

Sergei Boyarsky, deputy chairman of the Russian Duma’s Committee on Information Policy, said the idea was worth pursuing if indeed there are a significant number of IT specialists who are already incarcerated in Russia.

“I know that we have a need in general for IT specialists, this is a growing market,” said Boyarsky, who was among the Russian leaders sanctioned by the United States Treasury on Marc. 24, 2022 in response to the Russian invasion of Ukraine. Boyarsky is head of the St. Petersburg branch of United Russia, a strongly pro-Putin political party that holds more than 70 percent of the seats in the Russian State Duma.

“Since they still work there, it would probably be right to give people with a profession that allows them to work remotely not to lose their qualifications,” Boyarsky was quoted as saying of potentially qualified inmates. “At a minimum, this proposal is worth attention and discussion if there are a lot of such specialists.”

According to Russia’s penitentiary service, the average salary of those sentenced to forced labor is about 20,000 rubles per month, or approximately USD $281. Russian news outlet RBC reports that businesses started using prison labor after the possibility of creating correctional centers in organizations appeared in 2020. RBC notes that Russia now has 117 such centers across 76 Russian regions.

Read More