USN-7014-2: nginx vulnerability

USN-7014-1 fixed a vulnerability in nginx. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.

The AI Fix #19: AI spy specs, robot dogs with ladders, and is it AI or the climate?

In episode 19 of “The AI Fix” podcast, Graham and Mark discover some AI podcast hosts having an existential crisis, a robot dog climbs another step towards world domination, Mark makes a gift for anyone working in tech support, and William Shatner chews through Lucy in the Sky with Diamonds.

Things can take a terrible turn when a pair of bored students think they’re Ethan Hunt, and Mark thinks that an underwater IKEA might be the silver lining to the climate crisis.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

China Possibly Hacking US “Lawful Access” Backdoor

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.

It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This implies that the attack wasn’t against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers.

For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys. And here is one more example of a backdoor access mechanism being targeted by the “wrong” eavesdroppers.

Other news stories.

buildah-1.37.4-1.fc41 podman-5.2.4-1.fc41

FEDORA-2024-2e8c63e8bf

Packages in this update:

buildah-1.37.4-1.fc41
podman-5.2.4-1.fc41

Update description:

Automatic update for buildah-1.37.4-1.fc41, podman-5.2.4-1.fc41.

Changelog for buildah

* Mon Oct 07 2024 Packit <hello@packit.dev> - 2:1.37.4-1
- Update to 1.37.4 upstream release

Changelog for podman

* Mon Oct 07 2024 Packit <hello@packit.dev> - 5:5.2.4-1
- Update to 5.2.4 upstream release

Fixes CVE-2024-9341 and CVE-2024-9407.
