FEDORA-EPEL-2023-347df5dde7
Packages in this update:
netconsd-0.2-1.el8
Update description:
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.el8
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.el9
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.fc36
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.fc37
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.fc38
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
This is fascinating:
“When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey,” he explains.
This was intriguing news and it sparked an idea in Hopkins lab where he’d been trying to figure out how to store and transmit heat.
“It diffuses in all directions. There’s no way to capture the heat and move it the way that you would electricity. It’s just not a fundamental law of physics.”
[…]
The tiny brown batteries he mentions are about the size of a chiclet, and Hopkins says it will take a decade or more to create larger batteries that could have commercial value.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object’s callback function.
My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports.
Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now.
You can order a signed book from me here.
For those of you in New York, I’m giving at book talk at the Ford Foundation on Thursday, April 6. Admission is free, but you have to register.
WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch.
“Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites,” researchers from web security firm Sucuri said in a blog post. “Website administrators using this plugin are advised to issue the patch as soon as possible and check for any suspicious activity within their WordPress websites such as any administrative actions performed from unrecognized IP addresses.”