FEDORA-2023-932b0c86f4
Packages in this update:
python-urllib3-1.26.18-1.fc38
Update description:
Update to 1.26.18. Mitigates CVE-2023-45803 / GHSA-g4mx-q9vg-27p4.
python-urllib3-1.26.18-1.fc39
Update to 1.26.18. Mitigates CVE-2023-45803 / GHSA-g4mx-q9vg-27p4.
Amnesty International has published a comprehensive analysis of the Predator government spyware products.
These technologies used to be the exclusive purview of organizations like the NSA. Now they’re available to every country on the planet—democratic, nondemocratic, authoritarian, whatever—for a price. This is the legacy of not securing the Internet when we could have.
Research from Lloyd’s found that the US alone would experience a $1.1trn loss in the “hypothetical but plausible” risk scenario
The Five Eyes intelligence agencies want start-ups dealing with cutting-edge technology to bolster their protections against nation-state threats
redis-7.0.14-1.fc38
Redis 7.0.14 Released Wed 18 Oct 2023 10:33:40 IDT
Upgrade urgency SECURITY: See security fixes below.
Security fixes
(CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to bypass desired Unix
socket permissions on startup.
redis-7.0.14-1.fc37
Redis 7.0.14 Released Wed 18 Oct 2023 10:33:40 IDT
Upgrade urgency SECURITY: See security fixes below.
Security fixes
(CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to bypass desired Unix
socket permissions on startup.
redis-7.2.2-1.fc39
Redis 7.2.2 Released Wed 18 Oct 2023 10:33:40 IDT
Upgrade urgency SECURITY: See security fixes below.
Security fixes
(CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to bypass desired Unix
socket permissions on startup.
Bug fixes
WAITAOF could time out in the absence of write traffic in case a new AOF is
created and an AOF rewrite can’t immediately start (#12620)
Redis cluster
Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2
nodes (#12604)
Fix the return type of the slot number in cluster shards to integer, which
makes it consistent with past behavior (#12561)
Fix CLUSTER commands called from modules or scripts to return TLS info
appropriately (#12569)
Changes in CLI tools
redis-cli, fix crash on reconnect when in SUBSCRIBE mode (#12571)
Module API changes
Fix overflow calculation for next timer event (#12474)
Cybercriminals are harvesting sensitive medical data from plastic surgery offices as leverage for extortion demands
This vulnerability allows remote attackers to execute arbitrary code on affected installations of F5 BIG-IP OS. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-41373.