Read Time:7 Second
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Monthly Archives: October 2022
pypy3.9-7.3.9-4.3.9.fc38
Read Time:17 Second
FEDORA-2022-7936d4cf83
Packages in this update:
pypy3.9-7.3.9-4.3.9.fc38
Update description:
Automatic update for pypy3.9-7.3.9-4.3.9.fc38.
Changelog
* Mon Oct 10 2022 Lumír Balhar <lbalhar@redhat.com> – 7.3.9-4.3.9
– Backport fix for CVE-2021-28861
Resolves: rhbz#2120789
pypy3.8-7.3.9-5.3.8.fc37
Read Time:7 Second
FEDORA-2022-20116fb6aa
Packages in this update:
pypy3.8-7.3.9-5.3.8.fc37
Update description:
Backport fix for CVE-2021-28861
pypy3.8-7.3.9-5.3.8.fc38
Read Time:17 Second
FEDORA-2022-8072014f7b
Packages in this update:
pypy3.8-7.3.9-5.3.8.fc38
Update description:
Automatic update for pypy3.8-7.3.9-5.3.8.fc38.
Changelog
* Mon Oct 10 2022 Lumír Balhar <lbalhar@redhat.com> – 7.3.9-5.3.8
– Backport fix for CVE-2021-28861
Resolves: rhbz#2120788
Smashing Security podcast #293: Massive crypto bungle, and the slave scammers
Read Time:14 Second
A couple unexpectedly find $10.5 million in their cryptocurrency account, and in Cambodia people are being forced to commit scams.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Malwarebytes pairs new MDR, EDR for overwhelmed cybersecurity teams
Read Time:24 Second
Addressing the shortage of skilled cybersecurity professionals, Malwarebytes on Wednesday launched Malwarebytes MDR (managed detection and response), pairing EDR (end point detection and response) technology with a dedicated team of security analysts, providing both automated and human lines of defense.
In doing so, the company says, the new MDR service helps reduce the need for security teams to dedicate a large staff to prioritize, triage and respond to threats.
CVE-2021-36369
Read Time:22 Second
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
CVE-2018-18447
Read Time:5 Second
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
CVE-2018-18446
Read Time:5 Second
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
kernel-5.19.15-100.fc35
Read Time:9 Second
FEDORA-2022-be69f646c9
Packages in this update:
kernel-5.19.15-100.fc35
Update description:
The 5.19.15 stable kernel update contains a number of important fixes across the tree.