Read Time:10 Second
FEDORA-2023-b659c62db9
Packages in this update:
drupal7-7.98-1.fc39
Monthly Archives: September 2023
drupal7-7.98-1.el7
Read Time:11 Second
FEDORA-EPEL-2023-ffb6e04eb7
Packages in this update:
drupal7-7.98-1.el7
Update description:
drupal7-7.98-1.fc38
Read Time:10 Second
FEDORA-2023-f4d22f8a92
Packages in this update:
drupal7-7.98-1.fc38
Update description:
drupal7-7.98-1.fc37
Read Time:10 Second
FEDORA-2023-83aeb73043
Packages in this update:
drupal7-7.98-1.fc37
Update description:
USN-6397-1: Linux kernel (BlueField) vulnerabilities
Read Time:3 Minute, 12 Second
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)
Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in certain situations, leading to an out-
of-bounds access vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-2163)
Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)
It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)
It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly perform certain buffer calculations, leading
to an out-of-bounds read vulnerability. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information
(kernel memory). (CVE-2023-3268)
It was discovered that the video4linux driver for Philips based TV cards in
the Linux kernel contained a race condition during device removal, leading
to a use-after-free vulnerability. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-35823)
It was discovered that the SDMC DM1105 PCI device driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-35824)
It was discovered that the Renesas USB controller driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35828)
It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware
Read Time:15 Second
The founder of a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine, believes that a country in the European Union was behind the hacking of her iPhone with military-grade spyware.
Read more in my article on the Hot for Security blog.
More than 30 US Banks Targeted in New Xenomorph Malware Campaign
Read Time:4 Second
ThreatFabric explained the malware relies on deceptive phishing webpages posing as a Chrome update
xen-4.16.5-2.fc37
Read Time:17 Second
FEDORA-2023-948136565a
Packages in this update:
xen-4.16.5-2.fc37
Update description:
arm32: The cache may not be properly cleaned/invalidated [XSA-437,
CVE-2023-34321]
top-level shadow reference dropped too early for 64-bit PV guests
[XSA-438, CVE-2023-34322]
x86/AMD: Divide speculative information leak [XSA-439, CVE-2023-20588]
ZenRAT Malware Uncovered in Bitwarden Impersonation
Read Time:4 Second
Discovered by Proofpoint, ZenRAT is a modular remote access trojan targeting Windows users
xen-4.17.2-2.fc38
Read Time:17 Second
FEDORA-2023-4125279976
Packages in this update:
xen-4.17.2-2.fc38
Update description:
arm32: The cache may not be properly cleaned/invalidated [XSA-437,
CVE-2023-34321]
top-level shadow reference dropped too early for 64-bit PV guests
[XSA-438, CVE-2023-34322]
x86/AMD: Divide speculative information leak [XSA-439, CVE-2023-20588]