Post Content
Yearly Archives: 2023
GLSA 202311-04: Zeppelin: Multiple Vulnerabilities
GLSA 202311-03: SQLite: Multiple Vulnerabilities
USN-6513-1: Python vulnerabilities
It was discovered that Python incorrectly handled certain plist files.
If a user or an automated system were tricked into processing a specially
crafted plist file, an attacker could possibly use this issue to consume
resources, resulting in a denial of service. (CVE-2022-48564)
It was discovered that Python instances of ssl.SSLSocket were vulnerable
to a bypass of the TLS handshake. An attacker could possibly use this
issue to cause applications to treat unauthenticated received data before
TLS handshake as authenticated data after TLS handshake. (CVE-2023-40217)
USN-6512-1: LibTIFF vulnerabilities
It was discovered that LibTIFF could be made to run into an infinite loop.
If a user or an automated system were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2022-40090)
It was discovered that LibTIFF could be made leak memory. If a user or an
automated system were tricked into opening a specially crafted image file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2023-3576)
libcap-2.48-8.fc39
FEDORA-2023-ad944c2d34
Packages in this update:
libcap-2.48-8.fc39
Update description:
Backport fix for CVE-2023-2602 and CVE-2023-2603
$9 million seized from “pig butchering” scammers who preyed on lonely hearts
US authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams.
Read more in my article on the Tripwire State of Security blog.
libcap-2.48-7.fc38
FEDORA-2023-5911638116
Packages in this update:
libcap-2.48-7.fc38
Update description:
Backport fix for CVE-2023-2602 and CVE-2023-2603
InfectedSlurs Botnet Resurrects Mirai With Zero-Days
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
Rug Pull Schemes: Crypto Investor Losses Near $1M
New scam identified by Check Point Threat Intelligence Blockchain system