FEDORA-2024-d351e7318e
Packages in this update:
c-ares-1.28.1-1.fc38
Update description:
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.1-1.fc38
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.1-1.fc40
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
c-ares-1.28.1-1.fc39
1.28.1 fixes a significant bug in 1.28.0.
Update to 1.28.0. Also fixes CVE-2024-25629.
Two security issues were discovered in MediaWiki, a website engine for
collaborative work, which could result in cross-site scripting or denial
of service.
Skyler Ferrante discovered that the wall tool from util-linux does not
properly handle escape sequences from command line arguments. A local
attacker can take advantage of this flaw for information disclosure.
With this update wall and write are not anymore installed with setgid
tty.
AT&T, one of the largest telecom giants, recently acknowledged a significant data leak that has affected millions of its customers. The leaked dataset, which includes personal information such as names, addresses, phone numbers, and Social Security numbers, has raised concerns about privacy and security. In this blog post, we will provide an overview of the situation, explain the steps AT&T is taking to address the issue, and offer guidance on how you can protect yourself.
The Data Leak: AT&T has confirmed that the leaked dataset contains information from over 7.6 million current customers and 65 million former customers. The compromised data may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes. The company has reset the security passcodes of affected active customers.
AT&T’s Response: AT&T is actively reaching out to affected customers via email or letter to inform them about the data that was included in the leak and the measures being taken to address the situation. The company has also initiated a thorough investigation, working with external cybersecurity experts to analyze the incident. So far, there is no evidence of authorized access to AT&T’s systems resulting in data exfiltration.
Protecting Yourself: If you are an AT&T customer, it is crucial to take steps to protect yourself from potential fraud or identity theft. AT&T recommends setting up free fraud alerts with credit bureaus Equifax, Experian, and TransUnion. These alerts can help notify you of any suspicious activity related to your personal information. Additionally, consider implementing the following measures:
Monitor Your Accounts: Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized transactions.
Change Passwords: Update your passwords for all online accounts, including your AT&T account. Use strong, unique passwords and consider using a password manager to securely store them.
Enable Two-Factor Authentication: Enable two-factor authentication whenever possible to add an extra layer of security to your accounts.
Be Cautious of Phishing Attempts: Stay vigilant against phishing emails, calls, or texts that may try to trick you into revealing sensitive information. Be skeptical of any unsolicited communications and verify the source before sharing any personal data
Enroll in an Identity Monitoring service. McAfee+ can help keep your personal info safe, with early alerts if your data is found on the dark web. We’ll monitor the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more
McAfee+ automatically monitors your personal data, including your:
✓ Social Security Number / Government ID
✓ Driver’s license number
✓ Passport number
✓ Tax ID
✓ Date of birth
✓ Credit card numbers
✓ Bank account numbers
✓ Usernames
✓ Insurance ID cards
✓ Email addresses
✓ Phone numbers
AT&T’s data leak is a concerning incident that highlights the importance of safeguarding personal information in the digital age. By staying informed, taking proactive measures to protect yourself, and remaining vigilant against potential threats, you can minimize the risk of falling victim to fraud or identity theft. Remember, your privacy and security are paramount, and it’s crucial to stay one step ahead of cybercriminals.
The post AT&T Data Leak: What You Need to Know and How to Protect Yourself appeared first on McAfee Blog.
libvirt-sandbox-0.8.0-15.fc40
rebuild to ensure vulnerable xz isn’t statically linked
libopenmpt-0.7.6-1.el8
[Sec] Potential heap out-of-bounds read or write past sample end with malformed sustain loops in SymMOD files (r20420).
MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
OKT: Some files with garbage at the end were rejected (e.g. katharsis – piano lesson.okta).
Compressor DMO: It was possible that the plugin would not behave as intended at mix rates above 500 kHz.
Avoid re-allocating the loop state map contents on every playthrough of the module.
[Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
[Sec] Write buffer overflow when reading unseekable files close to 4GiB in size (r20339).
[Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation (64bit platforms) when reading malformed data from unseekable files (r20340).
[Sec] DMF: Possible null-pointer write or excessive memory allocation when reading DMF files (r20323).
IT: In the previous version, Zxx macros in IT files made with older MPT versions were no longer working.
There was a periodic click when playing a module using the Chorus or Flanger DMO plugin at a mix rate exceeding ~136.5 kHz.
An older bugfix for undefined behaviour in the Distortion DMO plugin was incorrect, causing the distorted sound to be different in some situations.
xmp-openmpt: Metadata retrievel for playlist items was broken.
[Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten builds.
openmpt123: openmpt123 now uses a narrower layout on terminal windows with a width of less than 72 characters.
Setting all possible load_skip flags resulted in nothing being loaded at all, instead of just not loading the selected module parts.
When playing all subsongs, set_position_seconds didn’t always calculate the correct subsong to jump to.
IT: A few more compatibility flags are now disabled for modules saved with earlier Schism Tracker versions.
IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be compatible with older IT versions (fixes spx-visionsofthepast.it).
OKT: Work around missing negative arpeggio implementation by transposing the notes up an octave.
OKT: Channel volume commands were sometimes lost over less important effects.
IMF: Ignore magic bytes in sample header. “Leaving All Behind” by Karsten Koch uses unexpected magic bytes, Orpheus ignores them just like the instrument header magic bytes.
zlib: Update to v1.3.1 (2024-01-22).
mpg123: Update to v1.32.5 (2024-02-17).
pugixml: Update to v1.14 (2023-10-01).
libopenmpt-0.7.6-1.el9
[Sec] Potential heap out-of-bounds read or write past sample end with malformed sustain loops in SymMOD files (r20420).
MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
OKT: Some files with garbage at the end were rejected (e.g. katharsis – piano lesson.okta).
Compressor DMO: It was possible that the plugin would not behave as intended at mix rates above 500 kHz.
Avoid re-allocating the loop state map contents on every playthrough of the module.
[Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
[Sec] Write buffer overflow when reading unseekable files close to 4GiB in size (r20339).
[Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation (64bit platforms) when reading malformed data from unseekable files (r20340).
[Sec] DMF: Possible null-pointer write or excessive memory allocation when reading DMF files (r20323).
IT: In the previous version, Zxx macros in IT files made with older MPT versions were no longer working.
There was a periodic click when playing a module using the Chorus or Flanger DMO plugin at a mix rate exceeding ~136.5 kHz.
An older bugfix for undefined behaviour in the Distortion DMO plugin was incorrect, causing the distorted sound to be different in some situations.
xmp-openmpt: Metadata retrievel for playlist items was broken.
[Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten builds.
openmpt123: openmpt123 now uses a narrower layout on terminal windows with a width of less than 72 characters.
Setting all possible load_skip flags resulted in nothing being loaded at all, instead of just not loading the selected module parts.
When playing all subsongs, set_position_seconds didn’t always calculate the correct subsong to jump to.
IT: A few more compatibility flags are now disabled for modules saved with earlier Schism Tracker versions.
IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be compatible with older IT versions (fixes spx-visionsofthepast.it).
OKT: Work around missing negative arpeggio implementation by transposing the notes up an octave.
OKT: Channel volume commands were sometimes lost over less important effects.
IMF: Ignore magic bytes in sample header. “Leaving All Behind” by Karsten Koch uses unexpected magic bytes, Orpheus ignores them just like the instrument header magic bytes.
zlib: Update to v1.3.1 (2024-01-22).
mpg123: Update to v1.32.5 (2024-02-17).
pugixml: Update to v1.14 (2023-10-01).
libopenmpt-0.7.6-1.el7
[Sec] Potential heap out-of-bounds read or write past sample end with malformed sustain loops in SymMOD files (r20420).
MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
OKT: Some files with garbage at the end were rejected (e.g. katharsis – piano lesson.okta).
Compressor DMO: It was possible that the plugin would not behave as intended at mix rates above 500 kHz.
Avoid re-allocating the loop state map contents on every playthrough of the module.
[Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
[Sec] Write buffer overflow when reading unseekable files close to 4GiB in size (r20339).
[Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation (64bit platforms) when reading malformed data from unseekable files (r20340).
[Sec] DMF: Possible null-pointer write or excessive memory allocation when reading DMF files (r20323).
IT: In the previous version, Zxx macros in IT files made with older MPT versions were no longer working.
There was a periodic click when playing a module using the Chorus or Flanger DMO plugin at a mix rate exceeding ~136.5 kHz.
An older bugfix for undefined behaviour in the Distortion DMO plugin was incorrect, causing the distorted sound to be different in some situations.
xmp-openmpt: Metadata retrievel for playlist items was broken.
[Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten builds.
openmpt123: openmpt123 now uses a narrower layout on terminal windows with a width of less than 72 characters.
Setting all possible load_skip flags resulted in nothing being loaded at all, instead of just not loading the selected module parts.
When playing all subsongs, set_position_seconds didn’t always calculate the correct subsong to jump to.
IT: A few more compatibility flags are now disabled for modules saved with earlier Schism Tracker versions.
IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be compatible with older IT versions (fixes spx-visionsofthepast.it).
OKT: Work around missing negative arpeggio implementation by transposing the notes up an octave.
OKT: Channel volume commands were sometimes lost over less important effects.
IMF: Ignore magic bytes in sample header. “Leaving All Behind” by Karsten Koch uses unexpected magic bytes, Orpheus ignores them just like the instrument header magic bytes.
zlib: Update to v1.3.1 (2024-01-22).
mpg123: Update to v1.32.5 (2024-02-17).
pugixml: Update to v1.14 (2023-10-01).