Here’s a fantastic video of Taonius borealis, a glass squid, from NOAA.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)
Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)
It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)
It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)
It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)
It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
Posted by Apple Product Security via Fulldisclosure on Sep 08
APPLE-SA-2023-09-07-3 watchOS 9.6.2
watchOS 9.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213907.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Wallet
Available for: Apple Watch Series 4 and later
Impact: A maliciously crafted attachment may result in arbitrary code…
Posted by Apple Product Security via Fulldisclosure on Sep 08
APPLE-SA-2023-09-07-2 iOS 16.6.1 and iPadOS 16.6.1
iOS 16.6.1 and iPadOS 16.6.1 address the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213905.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
ImageIO
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd
generation and…
Posted by Apple Product Security via Fulldisclosure on Sep 08
APPLE-SA-2023-09-07-1 macOS Ventura 13.5.2
macOS Ventura 13.5.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213906.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
ImageIO
Available for: macOS Ventura
Impact: Processing a maliciously crafted image may lead to arbitrary
code…
What comes next after you’ve achieved compliance? We’ve got seven things for your consideration. A CIS SecureSuite Membership can help.
golang-1.21.1-1.fc39
This release includes fixes to the go command, the crypto/tls, net/http packages, and several more.
golang-1.19.13-1.fc37
This release includes fixes to the go command, the crypto/tls, net/http packages, and several more.
golang-1.20.8-1.fc38
This release includes fixes to the go command, the crypto/tls, net/http packages, and several more.
The findings come from a new report released by Microsoft Threat Analysis Center on Thursday