A report by the Canadian Centre for Cyber Security described China as the most sophisticated cyber threat to Canada and also identified India as an emerging threat.
Daily Archives: October 31, 2024
polkit-125-1.fc41.1
FEDORA-2024-d2e583eab4
Packages in this update:
polkit-125-1.fc41.1
Update description:
Setting log levels and target via LogControl is now allowed for root only.
https://github.com/polkit-org/polkit/issues/506
https://github.com/polkit-org/polkit/issues/507
USN-7076-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Microsoft Azure Network Adapter (MANA) driver;
– Watchdog drivers;
– Netfilter;
– Network traffic control;
(CVE-2024-45016, CVE-2024-38630, CVE-2024-45001, CVE-2024-27397)
North Korean Hackers Collaborate with Play Ransomware
Palo Alto Networks’ Unit 42 has observed the first-ever collaboration between North Korean-backed Jumpy Pisces and Play ransomware.
USN-7021-5: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture (IMA) framework;
(CVE-2024-27012, CVE-2024-38570, CVE-2024-42228, CVE-2024-41009,
CVE-2024-39494, CVE-2024-42160, CVE-2024-39496, CVE-2024-26677)
Government Sector Suffers 236% Surge in Malware Attacks
Malware-related attacks against global government organizations increased 236% year-on-year in Q1 2024, according to SonicWall.
webkitgtk-2.46.3-1.fc40
FEDORA-2024-4d940908db
Packages in this update:
webkitgtk-2.46.3-1.fc40
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preserve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc41
FEDORA-2024-4e0b4ce6ad
Packages in this update:
webkitgtk-2.46.3-1.fc41
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preserve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc39
FEDORA-2024-0f8a88da75
Packages in this update:
webkitgtk-2.46.3-1.fc39
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preserve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
Smashing Security podcast #391: The secret Strava service, deepfakes, and crocodiles
In this week’s episode your hosts practice standing on one leg, Carole gives Graham a deepfake quiz, and we investigate how Strava may be exposing the movements of world leaders.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.