FEDORA-2025-19fabb2ca6
Packages in this update:
rust-zincati-0.0.30-1.fc42
Update description:
New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30
rust-zincati-0.0.30-1.fc42
New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30
bluez-5.80-1.fc42
iwd-3.4-1.fc42
libell-0.74-1.fc42
bluez 5.80:
Fix issue with handling address type for all types of keys.
Fix issue with handling maximum number of GATT channels.
Fix issue with handling MTU auto-tuning feature.
Fix issue with handling AVRCP volume in reconfigured transports.
Fix issue with handling VCP volume setting requests.
Fix issue with handling VCP connection management.
Fix issue with handling MAP qualification.
Fix issue with handling PBAP qualification.
Fix issue with handling BNEP qualification.
Add support for PreferredBearer device property.
Add support for SupportedTypes Message Access property.
Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions.
iwd 3.4:
Add support for the Test Anything Protocol.
libell 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
libell 0.73:
Fix issue with parsing hwdb.bin child structures.
libell 0.72:
Add support for the Test Anything Protocol.
Cloudflare introduces E2E post-quantum cryptography, enhancing security against quantum threats
From March 17, Ofcom will enforce rules requiring tech platforms operating in the UK to remove illegal content, including child abuse material
dotnet9.0-9.0.104-1.fc40
This is the monthly update for .NET 9 for March 2025.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.md
dotnet9.0-9.0.104-1.fc41
This is the monthly update for .NET 9 for March 2025.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.md
dotnet9.0-9.0.104-1.fc42
This is the monthly update for .NET 9 for March 2025.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.md
DarkAtlas researchers have uncovered a direct link between BlackLock and the Eldorado ransomware group, confirming a rebranded identity of the notorious threat actor
New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.”
Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys. In order to estimate the actual threat imposed by using those short keys, precise estimates for attacks are crucial.
In this work we provide optimized implementations of several widely used algorithms on GPUs, leading to interesting insights on the cost of brute force attacks on several real-word applications.
In particular, we optimize KASUMI (used in GPRS/GSM),SPECK (used in RFID communication), andTEA3 (used in TETRA). Our best optimizations allow us to try 235.72, 236.72, and 234.71 keys per second on a single RTX 4090 GPU. Those results improve upon previous results significantly, e.g. our KASUMI implementation is more than 15 times faster than the optimizations given in the CRYPTO’24 paper [ACC+24] improving the main results of that paper by the same factor.
With these optimizations, in order to break GPRS/GSM, RFID, and TETRA communications in a year, one needs around 11.22 billion, and 1.36 million RTX 4090GPUs, respectively.
For KASUMI, the time-memory trade-off attacks of [ACC+24] can be performed with142 RTX 4090 GPUs instead of 2400 RTX 3090 GPUs or, when the same amount of GPUs are used, their table creation time can be reduced to 20.6 days from 348 days,crucial improvements for real world cryptanalytic tasks.
Attacks always get better; they never get worse. None of these is practical yet, and they might never be. But there are certainly more optimizations to come.
USN-7352-1 fixed a vulnerability in FreeType. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This
update also fixes an additional vulnerability in Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that FreeType incorrectly handled certain memory
operations when parsing font subglyph structures. A remote attacker could
use this issue to cause FreeType to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-27363)
Additional advisory details:
It was discovered that FreeType incorrectly handled certain memory
operations during typical execution. An attacker could possibly use
this issue to cause FreeType to crash, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-27406)