Malware-related attacks against global government organizations increased 236% year-on-year in Q1 2024, according to SonicWall
Daily Archives: October 31, 2024
webkitgtk-2.46.3-1.fc40
FEDORA-2024-4d940908db
Packages in this update:
webkitgtk-2.46.3-1.fc40
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc41
FEDORA-2024-4e0b4ce6ad
Packages in this update:
webkitgtk-2.46.3-1.fc41
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
webkitgtk-2.46.3-1.fc39
FEDORA-2024-0f8a88da75
Packages in this update:
webkitgtk-2.46.3-1.fc39
Update description:
Update to WebKitGTK 2.46.3:
Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.
Smashing Security podcast #391: The secret Strava service, deepfakes, and crocodiles
In this week’s episode your hosts practice standing on one leg, Carole gives Graham a deepfake quiz, and we investigate how Strava may be exposing the movements of world leaders.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Over 80% of US Small Businesses Have Been Breached
ITRC data finds 81% of US small businesses have suffered a data or security breach over the past year
USN-7086-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)
USN-7087-1: libarchive vulnerability
It was discovered that libarchive incorrectly handled certain RAR archive
files. If a user or automated system were tricked into processing a
specially crafted RAR archive, an attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code.
ZDI-CAN-24985: Hewlett Packard Enterprise
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-10-31, 0 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
DSA-5801-1 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, cross-site scripting, spoofing or information disclosure.