USN-7039-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Input Device (Tablet) drivers;
– Modular ISDN driver;
– Multiple devices driver;
– Network drivers;
– Near Field Communication (NFC) drivers;
– SCSI drivers;
– GCT GDM724x LTE driver;
– USB subsystem;
– VFIO drivers;
– GFS2 file system;
– JFS file system;
– NILFS2 file system;
– Networking core;
– IPv4 networking;
– L2TP protocol;
– Netfilter;
– RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022-48863, CVE-2022-48836,
CVE-2022-48838, CVE-2024-26677, CVE-2024-27437, CVE-2022-48857,
CVE-2022-48791, CVE-2021-47181, CVE-2024-26851, CVE-2024-40902,
CVE-2022-48851, CVE-2024-38570)

aws-24.0.0-3.fc41

FEDORA-2024-7908ee39a9

Packages in this update:

aws-24.0.0-3.fc41

Update description:

CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.

AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values “1” and “2” had a much higher frequency than any other character.

The internal state of the Mersenne Twister PRNG could be revealed, which could lead to a session hijacking attack.

This update fixes the problem by using /dev/urandom instead of Discrete_Random.

More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf

USN-7021-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– BTRFS file system;
– F2FS file system;
– GFS2 file system;
– BPF subsystem;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture (IMA) framework;
(CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496,
CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677)

aws-24.0.0-3.fc42

FEDORA-2024-b87003097a

Packages in this update:

aws-24.0.0-3.fc42

Update description:

Automatic update for aws-24.0.0-3.fc42.

Changelog

* Thu Sep 26 2024 Björn Persson <Bjorn@Rombobjörn.se> - 2:24.0.0-3
- Fixed to use /dev/urandom instead of a non-cryptographic PRNG.
Resolves: CVE-2024-41708 (RHBZ#2314766)

USN-7020-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI drivers;
– F2FS file system;
– BPF subsystem;
– IPv4 networking;
(CVE-2024-42160, CVE-2024-42159, CVE-2024-42224, CVE-2024-41009,
CVE-2024-42154, CVE-2024-42228)

USN-7034-2: ca-certificates update

USN-7034-1 updated ca-certificates. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

The ca-certificates package contained outdated CA certificates.
This update refreshes the included certificates to those contained
in the 2.64 version of the Mozilla certificate authority bundle.
