Read Time:9 Second
FEDORA-2024-5f84678c08
Packages in this update:
chromium-124.0.6367.201-1.fc40
Update description:
update to 124.0.6367.201
* High CVE-2024-4671: Use after free in Visuals
Monthly Archives: May 2024
unbound-1.20.0-1.fc39
Read Time:10 Second
FEDORA-2024-9df760819c
Packages in this update:
unbound-1.20.0-1.fc39
Update description:
Unbound 1.20.0
https://github.com/NLnetLabs/unbound/releases/tag/release-1.20.0
DNSBomb limitation fixes
unbound-1.20.0-1.fc40
Read Time:10 Second
FEDORA-2024-68626e0eb5
Packages in this update:
unbound-1.20.0-1.fc40
Update description:
Unbound 1.20.0
https://github.com/NLnetLabs/unbound/releases/tag/release-1.20.0
DNSBomb limitation fixes
Friday Squid Blogging: Squid Mating Strategies
Read Time:14 Second
Some squids are “consorts,” others are “sneakers.” The species is healthiest when individuals have different strategies randomly.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
podman-5.0.3-1.fc40
Read Time:6 Second
FEDORA-2024-20393c122f
Packages in this update:
podman-5.0.3-1.fc40
Update description:
Security fix for CVE-2024-3727
New Attack Against Self-Driving Car AI
Read Time:1 Minute, 22 Second
This is another attack that convinces the AI to ignore road signs:
Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the diode flash and the line capture.
The result is the camera capturing an image full of lines that don’t quite match each other. The information is cropped and sent to the classifier, usually based on deep neural networks, for interpretation. Because it’s full of lines that don’t match, the classifier doesn’t recognize the image as a traffic sign.
So far, all of this has been demonstrated before.
Yet these researchers not only executed on the distortion of light, they did it repeatedly, elongating the length of the interference. This meant an unrecognizable image wasn’t just a single anomaly among many accurate images, but rather a constant unrecognizable image the classifier couldn’t assess, and a serious security concern.
[…]
The researchers developed two versions of a stable attack. The first was GhostStripe1, which is not targeted and does not require access to the vehicle, we’re told. It employs a vehicle tracker to monitor the victim’s real-time location and dynamically adjust the LED flickering accordingly.
GhostStripe2 is targeted and does require access to the vehicle, which could perhaps be covertly done by a hacker while the vehicle is undergoing maintenance. It involves placing a transducer on the power wire of the camera to detect framing moments and refine timing control.
Research paper.
buildah-1.35.4-1.fc39
Read Time:16 Second
FEDORA-2024-c56e6ff1b5
Packages in this update:
buildah-1.35.4-1.fc39
Update description:
Security fix for CVE-2024-3727
Automatic update for buildah-1.35.4-1.fc39.
Changelog for buildah
* Fri May 10 2024 Packit <hello@packit.dev> – 1.35.4-1
– Update to 1.35.4 upstream release
buildah-1.35.4-1.fc40
Read Time:16 Second
FEDORA-2024-77a0ab280f
Packages in this update:
buildah-1.35.4-1.fc40
Update description:
Security fix for CVE-2024-3727
Automatic update for buildah-1.35.4-1.fc40.
Changelog for buildah
* Fri May 10 2024 Packit <hello@packit.dev> – 1.35.4-1
– Update to 1.35.4 upstream release
UK’s AI Safety Institute Unveils Platform to Accelerate Safe AI Development
Read Time:6 Second
The UK’s open source AI safety evaluation platform, Inspect, is set to empower global collaboration for safer AI development
suricata-6.0.19-1.el9
Read Time:7 Second
FEDORA-EPEL-2024-e29578804c
Packages in this update:
suricata-6.0.19-1.el9
Update description:
This is a security and bug fix release.