Secret government requests for Android and iOS push notification data should be made public, argues Ron Wyden
Daily Archives: December 7, 2023
Cambridge Hospitals Admit Two Excel-Based Data Breaches
Information on cancer and maternity patients was accidentally disclosed by Cambridge University Hospitals NHS Foundation Trust
See me talking about “Future-proofing enterprise cybersecurity for AI, vulnerabilities, and business risks”
Using real-life examples of organisations who have been hacked, I’ll be discussing with experts from Skybox Security the importance of adopting a resilient strategy for dealing with vulnerabilities inside your organisation.
curl-8.2.1-4.fc39
FEDORA-2023-9de8973300
Packages in this update:
curl-8.2.1-4.fc39
Update description:
fix HSTS long file name clears contents (CVE-2023-46219)
fix cookie mixed case PSL bypass (CVE-2023-46218)
chromium-120.0.6099.62-2.fc38
FEDORA-2023-a32ad3e643
Packages in this update:
chromium-120.0.6099.62-2.fc38
Update description:
Update to 120.0.6099.62; the upstream release fixes the following security issues:
High CVE-2023-6508: Use after free in Media Stream
High CVE-2023-6509: Use after free in Side Panel Search
Medium CVE-2023-6510: Use after free in Media Capture
Low CVE-2023-6511: Inappropriate implementation in Autofill
Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
chromium-120.0.6099.62-1.el7
FEDORA-EPEL-2023-259055935d
Packages in this update:
chromium-120.0.6099.62-1.el7
Update description:
Update to 120.0.6099.62; the upstream release fixes the following security issues:
High CVE-2023-6508: Use after free in Media Stream
High CVE-2023-6509: Use after free in Side Panel Search
Medium CVE-2023-6510: Use after free in Media Capture
Low CVE-2023-6511: Inappropriate implementation in Autofill
Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
Update to 119.0.6045.199, upstream security release:
High CVE-2023-6348: Type Confusion in Spellcheck
High CVE-2023-6347: Use after free in Mojo
High CVE-2023-6346: Use after free in WebAudio
High CVE-2023-6350: Out of bounds memory access in libavif
High CVE-2023-6351: Use after free in libavif
High CVE-2023-6345: Integer overflow in Skia
chromium-120.0.6099.62-2.el9
FEDORA-EPEL-2023-8d617060ef
Packages in this update:
chromium-120.0.6099.62-2.el9
Update description:
Update to 120.0.6099.62; the upstream release fixes the following security issues:
High CVE-2023-6508: Use after free in Media Stream
High CVE-2023-6509: Use after free in Side Panel Search
Medium CVE-2023-6510: Use after free in Media Capture
Low CVE-2023-6511: Inappropriate implementation in Autofill
Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
Update to 119.0.6045.199, upstream security release:
High CVE-2023-6348: Type Confusion in Spellcheck
High CVE-2023-6347: Use after free in Mojo
High CVE-2023-6346: Use after free in WebAudio
High CVE-2023-6350: Out of bounds memory access in libavif
High CVE-2023-6351: Use after free in libavif
High CVE-2023-6345: Integer overflow in Skia
chromium-120.0.6099.62-2.el8
FEDORA-EPEL-2023-d0b9bcb64f
Packages in this update:
chromium-120.0.6099.62-2.el8
Update description:
Update to 120.0.6099.62; the upstream release fixes the following security issues:
High CVE-2023-6508: Use after free in Media Stream
High CVE-2023-6509: Use after free in Side Panel Search
Medium CVE-2023-6510: Use after free in Media Capture
Low CVE-2023-6511: Inappropriate implementation in Autofill
Low CVE-2023-6512: Inappropriate implementation in Web Browser UI
Update to 119.0.6045.199, upstream security release:
High CVE-2023-6348: Type Confusion in Spellcheck
High CVE-2023-6347: Use after free in Mojo
High CVE-2023-6346: Use after free in WebAudio
High CVE-2023-6350: Out of bounds memory access in libavif
High CVE-2023-6351: Use after free in libavif
High CVE-2023-6345: Integer overflow in Skia
ZDI-23-1763: Apple macOS Hydra Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-42826.
USN-6540-1: BlueZ vulnerability
It was discovered that BlueZ did not properly restrict non-bonded devices
from injecting HID events into the input subsystem. This could allow a
physically proximate attacker to inject keystrokes and execute arbitrary
commands whilst the device is discoverable.