FEDORA-EPEL-2024-599b158d30
Packages in this update:
chromium-129.0.6668.100-1.el8
Update description:
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
chromium-129.0.6668.100-1.el8
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
chromium-129.0.6668.100-1.fc41
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
chromium-129.0.6668.100-1.fc40
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
chromium-129.0.6668.100-1.fc39
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
chromium-129.0.6668.100-1.el9
Update to 129.0.6668.100
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V
Access Now announced that the US Customs and Border Protection agency released records on its app following the NGO’s lawsuit
After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket.
In any case, it was never clear what those ideas were. IronNet never seemed to have any special technology going for it. Near as I could tell, its success was entirely based on Alexander’s name.
Turns out there was nothing there. After some crazy VC investments and an IPO with a $3 billion “unicorn” valuation, the company has shut its doors. It went bankrupt a year ago—ceasing operations and firing everybody—and reemerged as a private company. It now seems to be gone for good, not having found anyone willing to buy it.
And—wow—the recriminations are just starting.
Last September the never-profitable company announced it was shutting down and firing its employees after running out of money, providing yet another example of a tech firm that faltered after failing to deliver on overhyped promises.
The firm’s crash has left behind a trail of bitter investors and former employees who remain angry at the company and believe it misled them about its financial health.
IronNet’s rise and fall also raises questions about the judgment of its well-credentialed leaders, a who’s who of the national security establishment. National security experts, former employees and analysts told The Associated Press that the firm collapsed, in part, because it engaged in questionable business practices, produced subpar products and services, and entered into associations that could have left the firm vulnerable to meddling by the Kremlin.
“I’m honestly ashamed that I was ever an executive at that company,” said Mark Berly, a former IronNet vice president. He said the company’s top leaders cultivated a culture of deceit “just like Theranos,” the once highly touted blood-testing firm that became a symbol of corporate fraud.
There has been one lawsuit. Presumably there will be more. I’m sure Alexander got plenty rich off his NSA career.
yarnpkg-1.22.22-4.fc41
Update bundled elliptic to fix CVE-2024-48949.
yarnpkg-1.22.22-4.fc40
Update bundled elliptic to fix CVE-2024-48949.
A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket