Read Time:9 Second
FEDORA-2022-e699dd5247
Packages in this update:
python3.10-3.10.9-1.fc36
python3-docs-3.10.9-1.fc36
Update description:
Update to 3.10.9
Monthly Archives: December 2022
Cyber-criminals Scammed Each Other Out of Millions in 2022
python3.10-3.10.9-1.fc37
Read Time:6 Second
FEDORA-2022-b2f06fbb62
Packages in this update:
python3.10-3.10.9-1.fc37
Update description:
Update to 3.10.9
python3.9-3.9.16-1.fc35
Read Time:6 Second
FEDORA-2022-6f4e6120d7
Packages in this update:
python3.9-3.9.16-1.fc35
Update description:
Update to 3.9.16
python3.9-3.9.16-1.fc36
Read Time:6 Second
FEDORA-2022-fd3771db30
Packages in this update:
python3.9-3.9.16-1.fc36
Update description:
Update to 3.9.16
python3.9-3.9.16-1.fc37
Read Time:6 Second
FEDORA-2022-6b8b96f883
Packages in this update:
python3.9-3.9.16-1.fc37
Update description:
Update to 3.9.16
CVE-2022-23476 (nokogiri)
Read Time:33 Second
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.
Smashing Security podcast #301: AI chatbot or the start of Skynet? Eufy privacy, and hot desks
Read Time:23 Second
An AI chatbot is causing a stir – both impressing and terrifying users in equal measure. A security researcher discovers that a “smart” cam that doesn’t use the internet is err.. using the internet. And university students revolt over under-the-belt surveillance.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford.
USN-5766-1: Heimdal vulnerability
Read Time:8 Second
It was discovered that Heimdal did not properly manage memory when
normalizing Unicode. An attacker could possibly use this issue to
cause a denial of service.
CVE-2022-23471
Read Time:44 Second
containerd is an open source container runtime. A bug was found in containerd’s CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user’s process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd’s CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.