Read Time:28 Second

FEDORA-EPEL-2023-5114b71516

Packages in this update:

rust-below-0.6.3-4.el9
rust-cargo-c-0.9.12-4.el9
rust-pore-0.1.8-3.el9

Update description:

Recent updates for the tokio, h2, and openssl crates addressed some (potential or confirmed) security or soundness issues:

tokio: RUSTSEC-2023-0005
h2: RUSTSEC-2023-0034 / CVE-2023-26964
openssl: RUSTSEC-2023-0022, RUSTSEC-2023-0023, RUSTSEC-2023-0024

This update contains rebuilds of all affected applications against the latest versions of these crates, which have addressed all linked issues.

Advisories

clevis-pin-tpm2-0.5.2-5.fc37 greetd-0.9.0-4.fc37 keyring-ima-signer-0.1.0-9.fc37 libkrun-1.5.0-2.fc37 mirrorlist-server-3.0.6-6.fc37 nispor-1.2.10-4.fc37 nmstate-2.2.10-5.fc37 rust-afterburn-5.4.0-3.fc37 rust-below-0.6.3-4.fc37 rust-bodhi-cli-2.1.0-2.fc37 rust-cargo-c-0.9.12-4.fc37 rust-coreos-installer-0.17.0-2.fc37 rust-fedora-update-feedback-2.1.2-2.fc37 rust-git-delta-0.13.0-5.fc37 rust-gst-plugin-reqwest-0.10.4-2.fc37 rust-pore-0.1.8-3.fc37 rust-rpm-sequoia-1.4.0-2.fc37 rust-sequoia-octopus-librnp-1.4.1-8.fc37 rust-sequoia-policy-config-0.6.0-3.fc37 rust-sequoia-sq-0.26.0-7.fc37 rust-sevctl-0.3.2-4.fc37 rust-tealdeer-1.6.1-2.fc37 rust-ybaas-0.0.10-7.fc37

May 4, 2023

Read Time:1 Minute, 13 Second

FEDORA-2023-37ae269843

Packages in this update:

clevis-pin-tpm2-0.5.2-5.fc37
greetd-0.9.0-4.fc37
keyring-ima-signer-0.1.0-9.fc37
libkrun-1.5.0-2.fc37
mirrorlist-server-3.0.6-6.fc37
nispor-1.2.10-4.fc37
nmstate-2.2.10-5.fc37
rust-afterburn-5.4.0-3.fc37
rust-below-0.6.3-4.fc37
rust-bodhi-cli-2.1.0-2.fc37
rust-cargo-c-0.9.12-4.fc37
rust-coreos-installer-0.17.0-2.fc37
rust-fedora-update-feedback-2.1.2-2.fc37
rust-git-delta-0.13.0-5.fc37
rust-gst-plugin-reqwest-0.10.4-2.fc37
rust-pore-0.1.8-3.fc37
rust-rpm-sequoia-1.4.0-2.fc37
rust-sequoia-octopus-librnp-1.4.1-8.fc37
rust-sequoia-policy-config-0.6.0-3.fc37
rust-sequoia-sq-0.26.0-7.fc37
rust-sevctl-0.3.2-4.fc37
rust-tealdeer-1.6.1-2.fc37
rust-ybaas-0.0.10-7.fc37

Update description:

Recent updates for the tokio, h2, and openssl crates addressed some (potential or confirmed) security or soundness issues:

tokio: RUSTSEC-2023-0005
h2: RUSTSEC-2023-0034 / CVE-2023-26964
openssl: RUSTSEC-2023-0022, RUSTSEC-2023-0023, RUSTSEC-2023-0024

This update contains rebuilds of all affected applications against the latest versions of these crates, which have addressed all linked issues.

Advisories

clevis-pin-tpm2-0.5.2-5.fc38 greetd-0.9.0-4.fc38 keyring-ima-signer-0.1.0-9.fc38 libkrun-1.5.0-2.fc38 mirrorlist-server-3.0.6-6.fc38 nispor-1.2.10-4.fc38 nmstate-2.2.10-4.fc38 rust-afterburn-5.4.0-3.fc38 rust-below-0.6.3-4.fc38 rust-bodhi-cli-2.1.0-2.fc38 rust-cargo-c-0.9.12-4.fc38 rust-coreos-installer-0.17.0-3.fc38 rust-fedora-update-feedback-2.1.2-2.fc38 rust-git-delta-0.13.0-5.fc38 rust-gst-plugin-reqwest-0.10.4-2.fc38 rust-pore-0.1.8-3.fc38 rust-rpm-sequoia-1.4.0-2.fc38 rust-sequoia-octopus-librnp-1.4.1-8.fc38 rust-sequoia-policy-config-0.6.0-3.fc38 rust-sequoia-sq-0.26.0-7.fc38 rust-sevctl-0.3.2-4.fc38 rust-tealdeer-1.6.1-2.fc38 rust-ybaas-0.0.10-7.fc38

May 4, 2023

Read Time:1 Minute, 13 Second

FEDORA-2023-cc21019773

Packages in this update:

clevis-pin-tpm2-0.5.2-5.fc38
greetd-0.9.0-4.fc38
keyring-ima-signer-0.1.0-9.fc38
libkrun-1.5.0-2.fc38
mirrorlist-server-3.0.6-6.fc38
nispor-1.2.10-4.fc38
nmstate-2.2.10-4.fc38
rust-afterburn-5.4.0-3.fc38
rust-below-0.6.3-4.fc38
rust-bodhi-cli-2.1.0-2.fc38
rust-cargo-c-0.9.12-4.fc38
rust-coreos-installer-0.17.0-3.fc38
rust-fedora-update-feedback-2.1.2-2.fc38
rust-git-delta-0.13.0-5.fc38
rust-gst-plugin-reqwest-0.10.4-2.fc38
rust-pore-0.1.8-3.fc38
rust-rpm-sequoia-1.4.0-2.fc38
rust-sequoia-octopus-librnp-1.4.1-8.fc38
rust-sequoia-policy-config-0.6.0-3.fc38
rust-sequoia-sq-0.26.0-7.fc38
rust-sevctl-0.3.2-4.fc38
rust-tealdeer-1.6.1-2.fc38
rust-ybaas-0.0.10-7.fc38

Update description:

Recent updates for the tokio, h2, and openssl crates addressed some (potential or confirmed) security or soundness issues:

tokio: RUSTSEC-2023-0005
h2: RUSTSEC-2023-0034 / CVE-2023-26964
openssl: RUSTSEC-2023-0022, RUSTSEC-2023-0023, RUSTSEC-2023-0024

This update contains rebuilds of all affected applications against the latest versions of these crates, which have addressed all linked issues.

Advisories

clevis-pin-tpm2-0.5.2-5.fc39 greetd-0.9.0-4.fc39 keyring-ima-signer-0.1.0-9.fc39 libkrun-1.5.0-2.fc39 mirrorlist-server-3.0.6-6.fc39 nispor-1.2.10-4.fc39 nmstate-2.2.10-4.fc39 rust-afterburn-5.4.0-3.fc39 rust-below-0.6.3-4.fc39 rust-bodhi-cli-2.1.0-2.fc39 rust-cargo-c-0.9.12-4.fc39 rust-coreos-installer-0.17.0-3.fc39 rust-fedora-update-feedback-2.1.2-2.fc39 rust-git-delta-0.13.0-5.fc39 rust-gst-plugin-reqwest-0.10.4-2.fc39 rust-pore-0.1.8-3.fc39 rust-rpm-sequoia-1.4.0-2.fc39 rust-sequoia-octopus-librnp-1.4.1-8.fc39 rust-sequoia-policy-config-0.6.0-3.fc39 rust-sequoia-sq-0.26.0-7.fc39 rust-sevctl-0.3.2-4.fc39 rust-tealdeer-1.6.1-2.fc39 rust-ybaas-0.0.10-7.fc39

May 4, 2023

Read Time:1 Minute, 13 Second

FEDORA-2023-d88521bfc5

Packages in this update:

clevis-pin-tpm2-0.5.2-5.fc39
greetd-0.9.0-4.fc39
keyring-ima-signer-0.1.0-9.fc39
libkrun-1.5.0-2.fc39
mirrorlist-server-3.0.6-6.fc39
nispor-1.2.10-4.fc39
nmstate-2.2.10-4.fc39
rust-afterburn-5.4.0-3.fc39
rust-below-0.6.3-4.fc39
rust-bodhi-cli-2.1.0-2.fc39
rust-cargo-c-0.9.12-4.fc39
rust-coreos-installer-0.17.0-3.fc39
rust-fedora-update-feedback-2.1.2-2.fc39
rust-git-delta-0.13.0-5.fc39
rust-gst-plugin-reqwest-0.10.4-2.fc39
rust-pore-0.1.8-3.fc39
rust-rpm-sequoia-1.4.0-2.fc39
rust-sequoia-octopus-librnp-1.4.1-8.fc39
rust-sequoia-policy-config-0.6.0-3.fc39
rust-sequoia-sq-0.26.0-7.fc39
rust-sevctl-0.3.2-4.fc39
rust-tealdeer-1.6.1-2.fc39
rust-ybaas-0.0.10-7.fc39

Update description:

Recent updates for the tokio, h2, and openssl crates addressed some (potential or confirmed) security or soundness issues:

tokio: RUSTSEC-2023-0005
h2: RUSTSEC-2023-0034 / CVE-2023-26964
openssl: RUSTSEC-2023-0022, RUSTSEC-2023-0023, RUSTSEC-2023-0024

This update contains rebuilds of all affected applications against the latest versions of these crates, which have addressed all linked issues.

News

Consumer Group Slams Bank App Fraud Failings

May 4, 2023

Read Time:3 Second

Which? wants banks to improve customer outreach and security

News

Malicious HTML Attachment Volumes Surge

May 4, 2023

Read Time:3 Second

File type remains the most dangerous in email-borne threats

News

US Authorities Dismantle Dark Web “Card Checking” Platform

May 4, 2023

Read Time:3 Second

Try2Check helped cyber-criminals test stolen card details

Advisories

USN-6055-1: Ruby vulnerabilities

May 4, 2023

Read Time:21 Second

It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-28755)

It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2023-28756)

News

Apple and Google join forces to combat AirTag stalking

May 4, 2023

Read Time:11 Second

Apple and Google have announced that they are teaming up in order to combat the safety risks associated with AirTags and other tracking devices.

Read more in my article on the Hot for Security blog.

Advisories

ZDI-23-537: D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability

May 4, 2023

Read Time:8 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

Cyber Security News

Daily Archives: May 4, 2023

rust-below-0.6.3-4.el9 rust-cargo-c-0.9.12-4.el9 rust-pore-0.1.8-3.el9

FEDORA-EPEL-2023-5114b71516

Packages in this update:

Update description:

FEDORA-2023-37ae269843

Packages in this update:

Update description:

FEDORA-2023-cc21019773

Packages in this update:

Update description:

FEDORA-2023-d88521bfc5

Packages in this update:

Update description:

Consumer Group Slams Bank App Fraud Failings

Malicious HTML Attachment Volumes Surge

US Authorities Dismantle Dark Web “Card Checking” Platform

USN-6055-1: Ruby vulnerabilities

Apple and Google join forces to combat AirTag stalking

ZDI-23-537: D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability

News, Advisories and much more