83% of organizations use AI to generate code despite rising concerns from security leaders, found a Venafi survey
Monthly Archives: September 2024
USN-7017-1: Quagga vulnerability
Iggy Frankovic discovered that Quagga incorrectly handled certain BGP
messages. A remote attacker could possibly use this issue to cause Quagga
to crash, resulting in a denial of service.
USN-7016-1: FRR vulnerability
Iggy Frankovic discovered that FRR incorrectly handled certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service.
USN-7000-2: Expat vulnerabilities
USN-7000-1 fixed vulnerabilities in Expat. This update
provides the corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat did not properly handle the
potential for an integer overflow on 32-bit platforms. An attacker
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2024-45491, CVE-2024-45492)
USN-7001-2: xmltok library vulnerabilities
USN-7001-1 fixed vulnerabilities in xmltol library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)
Singapore Launches Accelerator for International Cybersecurity Startups
The CyberBoost: Catalyse is supported by the Cyber Security Agency of Singapore, the National University of Singapore and UK-based innovation hub Plexal
chisel-1.10.0-1.fc39
FEDORA-2024-9b005962f9
Packages in this update:
chisel-1.10.0-1.fc39
Update description:
Update to new upstream version (closes rhbz#2303131)
Python Developers Targeted with Malware During Fake Job Interviews
Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article
These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present. The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS.
chisel-1.10.0-1.fc40
FEDORA-2024-5aad2fda6a
Packages in this update:
chisel-1.10.0-1.fc40
Update description:
Update to new upstream version (closes rhbz#2303131)
chisel-1.10.0-1.fc41
FEDORA-2024-6b9aeecbe8
Packages in this update:
chisel-1.10.0-1.fc41
Update description:
Update to new upstream version (closes rhbz#2303131)