FEDORA-2024-c015cf3a38
Packages in this update:
tor-0.4.8.12-1.fc40
Update description:
update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-12/13060
tor-0.4.8.12-1.el8
update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-12/13060
pypy-7.3.16-2.fc41
Automatic update for pypy-7.3.16-2.fc41.
* Thu Aug 1 2024 Miro Hrončok <miro@hroncok.cz> - 7.3.16-2
- Security fix for CVE-2024-6345 (in bundled setuptools wheel)
- Fixes: rhbz#2298675
neatvnc-0.8.1-1.fc39
new version RHBZ #2302449,2302450
neatvnc-0.8.1-1.fc40
new version RHBZ #2302449,2302450
A newly discovered parasite that attacks squid eggs has been treated.
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for August 2024.
The UK’s ICO has identified children’s privacy concerns in 11 social media and video sharing platforms, warning of regulatory action if these issues are not addressed.
The US Government Accountability Office has told the Environmental Protection Agency to urgently develop a strategy to tackle rising cyber-threats to the water industry.
Here’s a disaster that didn’t happen:
Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF).
JFrog discussed what could have happened:
The implications of someone finding this leaked token could be extremely severe. The holder of such a token would have had administrator access to all of Python’s, PyPI’s and Python Software Foundation’s repositories, supposedly making it possible to carry out an extremely large scale supply chain attack.
Various forms of supply chain attacks were possible in this scenario. One such possible attack would be hiding malicious code in CPython, which is a repository of some of the basic libraries which stand at the core of the Python programming language and are compiled from C code. Due to the popularity of Python, inserting malicious code that would eventually end up in Python’s distributables could mean spreading your backdoor to tens of millions of machines worldwide!