Graham Cluley Security News is sponsored this week by the folks at Expel. Thanks to the great team there for their support! Every quarter, the Expel security operations centre (SOC) publishes its Quarterly Threat Report (QTR) to distill all the trends, notable new behaviours, and unusual attacks it saw in the previous quarter. By sharing … Continue reading “The Expel Quarterly Threat Report distills the threats and trends the Expel SOC saw in Q2. Download it now.”
Daily Archives: September 19, 2023
linux-firmware-20230919-1.fc39
FEDORA-2023-dd3ebcea25
Packages in this update:
linux-firmware-20230919-1.fc39
Update description:
Update to upstream 20230919 release:
amd-ucode: Add note on fam19h warnings
i915: update MTL HuC to version 8.5.4
amdgpu: update DMCUB to 0.0.183.0 for various AMDGPU ASICs
qcom: add link to sc8280xp audioreach firmware
qcom: sm8250: add RB5 sensors DSP firmware
qcom: Update vpu-1.0 firmware
qcom: sm8250: update DSP firmware
qcom: add firmware for the onboard WiFi on qcm2290 / qrb4210
qcom: add venus firmware files for v6.0
qcom: add firmware for QRB4210 platforms
qcom: add firmware for QCM2290 platforms
qcom: add GPU firmware for QCM2290 / QRB2210
ath10k/WCN3990: move wlanmdsp to qcom/sdm845
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00605
Fix carl9170fw shell scripts for shellcheck errors
i915: Update MTL DMC to v2.16
Update firmware file for Intel Bluetooth AX200/AX201/AX203/AX210/AX211
Update firmware for qat_4xxx devices
Update AMD SEV firmware
rtw89: 8852b: update fw to v0.29.29.3
rtw89: 8851b: update fw to v0.29.41.2
i915: add GSC 102.0.0.1655 for MTL
cirrus: Add CS35L41 firmware for HP G11 models
Update AMD cpu microcode
rtl_bt: Add firmware v2 file for RTL8852C
Revert “rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225”
cxgb4: Update firmware to revision 1.27.4.0
linux-firmware-20230919-1.fc38
FEDORA-2023-4056a5c165
Packages in this update:
linux-firmware-20230919-1.fc38
Update description:
Update to upstream 20230919 release:
amd-ucode: Add note on fam19h warnings
i915: update MTL HuC to version 8.5.4
amdgpu: update DMCUB to 0.0.183.0 for various AMDGPU ASICs
qcom: add link to sc8280xp audioreach firmware
qcom: sm8250: add RB5 sensors DSP firmware
qcom: Update vpu-1.0 firmware
qcom: sm8250: update DSP firmware
qcom: add firmware for the onboard WiFi on qcm2290 / qrb4210
qcom: add venus firmware files for v6.0
qcom: add firmware for QRB4210 platforms
qcom: add firmware for QCM2290 platforms
qcom: add GPU firmware for QCM2290 / QRB2210
ath10k/WCN3990: move wlanmdsp to qcom/sdm845
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00605
Fix carl9170fw shell scripts for shellcheck errors
i915: Update MTL DMC to v2.16
Update firmware file for Intel Bluetooth AX200/AX201/AX203/AX210/AX211
Update firmware for qat_4xxx devices
Update AMD SEV firmware
rtw89: 8852b: update fw to v0.29.29.3
rtw89: 8851b: update fw to v0.29.41.2
i915: add GSC 102.0.0.1655 for MTL
cirrus: Add CS35L41 firmware for HP G11 models
Update AMD cpu microcode
rtl_bt: Add firmware v2 file for RTL8852C
Revert “rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225”
cxgb4: Update firmware to revision 1.27.4.0
linux-firmware-20230919-1.fc37
FEDORA-2023-defb0a89ff
Packages in this update:
linux-firmware-20230919-1.fc37
Update description:
Update to upstream 20230919 release:
amd-ucode: Add note on fam19h warnings
i915: update MTL HuC to version 8.5.4
amdgpu: update DMCUB to 0.0.183.0 for various AMDGPU ASICs
qcom: add link to sc8280xp audioreach firmware
qcom: sm8250: add RB5 sensors DSP firmware
qcom: Update vpu-1.0 firmware
qcom: sm8250: update DSP firmware
qcom: add firmware for the onboard WiFi on qcm2290 / qrb4210
qcom: add venus firmware files for v6.0
qcom: add firmware for QRB4210 platforms
qcom: add firmware for QCM2290 platforms
qcom: add GPU firmware for QCM2290 / QRB2210
ath10k/WCN3990: move wlanmdsp to qcom/sdm845
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00605
Fix carl9170fw shell scripts for shellcheck errors
i915: Update MTL DMC to v2.16
Update firmware file for Intel Bluetooth AX200/AX201/AX203/AX210/AX211
Update firmware for qat_4xxx devices
Update AMD SEV firmware
rtw89: 8852b: update fw to v0.29.29.3
rtw89: 8851b: update fw to v0.29.41.2
i915: add GSC 102.0.0.1655 for MTL
cirrus: Add CS35L41 firmware for HP G11 models
Update AMD cpu microcode
rtl_bt: Add firmware v2 file for RTL8852C
Revert “rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225”
cxgb4: Update firmware to revision 1.27.4.0
USN-6388-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)
It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)
It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
It was discovered that the JFS file system implementation in the Linux
kernel did not properly validate memory allocations in certain situations,
leading to a null pointer dereference vulnerability. An attacker could use
this to construct a malicious JFS image that, when mounted, could cause a
denial of service (system crash). (CVE-2023-4385)
It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel contained a use-after-free vulnerability in certain situations. A
local attacker in a guest VM could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4387)
It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel did not properly handle errors in certain situations, leading to a
null pointer dereference vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash). (CVE-2023-4459)
USN-6387-1: Linux kernel vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
USN-6386-1: Linux kernel vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)
Yikes! My sex video has been uploaded to YouPorn, apparently
Apparently YouPorn’s AI algorithm has detected me in an uploaded sex video.
All I have to do is pay hundreds of dollars worth of Bitcoin to prevent it from being published.
#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined
China is rising as a cyber superpower, sponsoring not just ever more highly sophisticated espionage campaigns, but also venturing into cybercrime and disinformation
python-oauthlib-3.2.2-1.fc38
FEDORA-2023-5ab7049a59
Packages in this update:
python-oauthlib-3.2.2-1.fc38
Update description:
Security fix for CVE-2022-36087 https://github.com/advisories/GHSA-3pgj-pg6c-r5p7