Read Time:8 Second
The US government has issued guidance for federal agencies on the use of Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community
Daily Archives: October 23, 2024
thunderbird-128.3.3-1.fc41
Read Time:27 Second
FEDORA-2024-a078d86829
Packages in this update:
thunderbird-128.3.3-1.fc41
Update description:
Update to 128.3.3
https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
Update to 128.3.2
https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes/
Update to 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/
Update to 128.3.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/
https://www.thunderbird.net/en-US/thunderbird/128.3.0esr/releasenotes/
UK Government Weighs Review of Computer Misuse Act to Combat Cybercrime
Read Time:7 Second
The British Minister for Security Dan Jarvis said at Recorded Future’s Predict 2024 that the new government was considering reforming the 1990 legislation
US Energy Sector Vulnerable to Supply Chain Attacks
Read Time:8 Second
45% of security breaches in the energy sector in the past year were third-party related, according to a report by Security Scorecard and KPMG
USN-7082-1: libheif vulnerability
Read Time:16 Second
Gerrard Tai discovered that libheif did not properly validate certain
images, leading to out-of-bounds read and write vulnerability. If a user
or automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service or to
obtain sensitive information.
ZDI-24-1421: VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-38814.
USN-7081-1: Go vulnerabilities
Read Time:47 Second
It was discovered that the Go net/http module did not properly handle
responses to requests with an “Expect: 100-continue” header under certain
circumstances. An attacker could possibly use this issue to cause a denial
of service. (CVE-2024-24791)
It was discovered that the Go parser module did not properly handle deeply
nested literal values. An attacker could possibly use this issue to cause
a panic resulting in a denial of service. (CVE-2024-34155)
It was discovered that the Go encoding/gob module did not properly handle
message decoding under certain circumstances. An attacker could possibly
use this issue to cause a panic resulting in a denial of service.
(CVE-2024-34156)
It was discovered that the Go build module did not properly handle certain
build tag lines with deeply nested expressions. An attacker could possibly
use this issue to cause a panic resulting in a denial of service.
(CVE-2024-34158)