Read Time:37 Second

FEDORA-2024-7908ee39a9

Packages in this update:

aws-24.0.0-3.fc41

Update description:

CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.

AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values “1” and “2” had a much higher frequency than any other character.

The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.

This update fixes the problem by using /dev/urandom instead of Discrete_Random.

More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf

Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

When UK rail stations’ Wi-Fi was defaced by hackers the only casualty was the truth

Over a Third of Employees Secretly Sharing Work Info with AI

CISA warns hackers targeting industrial systems with “unsophisticated methods” as claims made of Lebanon water hack

Cybercriminals Hack UK Rail Network Wi-Fi

First Mobile Crypto Drainer Found on Google Play

An Analysis of the EU’s Cyber Resilience Act

NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines

aws-24.0.0-3.fc41

FEDORA-2024-7908ee39a9

Packages in this update:

Update description:

USN-7045-1: libppd vulnerability

USN-7044-1: libcupsfilters vulnerability

USN-7043-1: cups-filters vulnerabilities

USN-7042-1: cups-browsed vulnerability

USN-7041-1: CUPS vulnerability

chromium-129.0.6668.70-1.fc41