A cruise ship is searching for the colossal squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
CISA’s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices being secured.
gdcm-3.0.23-5.fc39
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.12-7.el9
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.21-4.fc38
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.23-5.fc40
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
gdcm-3.0.23-5.fc41
Automatic update for gdcm-3.0.23-5.fc41.
* Fri Apr 26 2024 Sandro <devel@penguinpee.nl> - 3.0.23-5
- Apply security patches
- Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288)
- Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292)
- Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296)
* Fri Apr 19 2024 Sandro <devel@penguinpee.nl> - 3.0.23-4
- Replace deprecated PyEval_CallObject() (RHBZ#2245816)
* Fri Mar 22 2024 Sérgio M. Basto <sergio@serjux.com> - 3.0.23-3
- Update URL
Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.
The US Federal Trade Commission will send $5.6m worth of refunds to the spied-on customers of the Amazon-owned home camera company
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50739.