Read Time:7 Second
FEDORA-2022-f44dd1bec2
Packages in this update:
python3.10-3.10.8-2.fc35
Update description:
Security fix for CVE-2022-42919
Monthly Archives: November 2022
Smashing Security podcast #297: Mastodon 101, and the Hushpuppi saga
Read Time:16 Second
Graham offers some security and privacy advice for those exodusing Twitter to Mastodon, and Carole slams the door shut on a notorious scammer with a huge Instagram following.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
DSA-5275 chromium – security update
Read Time:7 Second
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
GLSA 202211-02: lesspipe: Arbitrary Code Exeecution
Okta streamlines IAM portfolio with consumer identity management cloud
Read Time:35 Second
Potential access management customers got a new option from Okta Wednesday, as the identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products.
Okta said that the new cloud program is split into two main components—those aimed at providing identity validation services for consumers, and those aimed at enterprise customers. The former is focused on providing high-security options for online transactions, support for passkeys (instead of passwords, which are thought to be less secure), and providing an all-in-one security center monitoring system for quick response to suspicious activity.
CVE-2021-26393
Read Time:14 Second
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
CVE-2021-26392
Read Time:11 Second
Insufficient verification of missing size check in ‘LoadModule’ may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
CVE-2021-26391
Read Time:9 Second
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
CVE-2021-26360
Read Time:13 Second
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
CVE-2020-12931
Read Time:8 Second
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.