FEDORA-2023-4bb75fa8f2
Packages in this update:
tigervnc-1.13.1-6.fc39
Update description:
Fixes CVEs reported against Xserver.
tigervnc-1.13.1-6.fc37
Fixes CVEs reported against Xserver.
Jenny Radcliffe talks to Infosecurity about the changing nature of social engineering scams and the threats posed by AI
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
The creation of USAISI comes a few days after Biden’s Executive Order on Safe, Secure AI
Top-level discussions on AI safety are not enough – we need to take action now
Apple has warned leaders of the opposition government in India that their phones are being spied on:
Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….”
AccessNow puts this in context:
For India to uphold fundamental rights, authorities must initiate an immediate independent inquiry, implement a ban on the use of rights-abusing commercial spyware, and make a commitment to reform the country’s surveillance laws. These latest warnings build on repeated instances of cyber intrusion and spyware usage, and highlight the surveillance impunity in India that continues to flourish despite the public outcry triggered by the 2019 Pegasus Project revelations.
Ashley Newson discovered that xrdp incorrectly handled memory when
processing certain incoming connections. An attacker could possibly use
this issue to cause a denial of service or arbitrary code execution.