Read Time:10 Second
FEDORA-2025-19fabb2ca6
Packages in this update:
rust-zincati-0.0.30-1.fc42
Update description:
New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30
bluez-5.80-1.fc42 iwd-3.4-1.fc42 libell-0.74-1.fc42
Read Time:52 Second
FEDORA-2025-35347bf9f0
Packages in this update:
bluez-5.80-1.fc42
iwd-3.4-1.fc42
libell-0.74-1.fc42
Update description:
bluez 5.80:
Fix issue with handling address type for all types of keys.
Fix issue with handling maximum number of GATT channels.
Fix issue with handling MTU auto-tuning feature.
Fix issue with handling AVRCP volume in reconfigured transports.
Fix issue with handling VCP volume setting requests.
Fix issue with handling VCP connection management.
Fix issue with handling MAP qualification.
Fix issue with handling PBAP qualification.
Fix issue with handling BNEP qualification.
Add support for PreferredBearer device property.
Add support for SupportedTypes Message Access property.
Add support for HFP, A2DP, AVRCP, AVCTP and MAP latest versions.
iwd 3.4:
Add support for the Test Anything Protocol.
libell 0.74:
Add support for NIST P-192 curve usage with ECDH.
Add support for SHA-224 based checksums and HMACs.
libell 0.73:
Fix issue with parsing hwdb.bin child structures.
libell 0.72:
Add support for the Test Anything Protocol.
Cloudflare Introduces E2E Post-Quantum Cryptography Protections
Read Time:3 Second
Cloudflare introduces E2E post-quantum cryptography, enhancing security against quantum threats
UK’s Online Safety Act: Ofcom Can Now Issue Sanctions
Read Time:7 Second
From March 17, Ofcom will enforce rules requiring tech platforms operating in the UK to remove illegal content, including child abuse material
dotnet9.0-9.0.104-1.fc40
Read Time:20 Second
FEDORA-2025-78dcffbaa1
Packages in this update:
dotnet9.0-9.0.104-1.fc40
Update description:
This is the monthly update for .NET 9 for March 2025.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.md
dotnet9.0-9.0.104-1.fc41
Read Time:20 Second
FEDORA-2025-2edd9dc83b
Packages in this update:
dotnet9.0-9.0.104-1.fc41
Update description:
This is the monthly update for .NET 9 for March 2025.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.md
dotnet9.0-9.0.104-1.fc42
Read Time:20 Second
FEDORA-2025-a4aedd0b23
Packages in this update:
dotnet9.0-9.0.104-1.fc42
Update description:
This is the monthly update for .NET 9 for March 2025.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.3.md
Researchers Confirm BlackLock as Eldorado Rebrand
Read Time:7 Second
DarkAtlas researchers have uncovered a direct link between BlackLock and the Eldorado ransomware group, confirming a rebranded identity of the notorious threat actor
Improvements in Brute Force Attacks
Read Time:1 Minute, 30 Second
New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.”
Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys. In order to estimate the actual threat imposed by using those short keys, precise estimates for attacks are crucial.
In this work we provide optimized implementations of several widely used algorithms on GPUs, leading to interesting insights on the cost of brute force attacks on several real-word applications.
In particular, we optimize KASUMI (used in GPRS/GSM),SPECK (used in RFID communication), andTEA3 (used in TETRA). Our best optimizations allow us to try 235.72, 236.72, and 234.71 keys per second on a single RTX 4090 GPU. Those results improve upon previous results significantly, e.g. our KASUMI implementation is more than 15 times faster than the optimizations given in the CRYPTO’24 paper [ACC+24] improving the main results of that paper by the same factor.
With these optimizations, in order to break GPRS/GSM, RFID, and TETRA communications in a year, one needs around 11.22 billion, and 1.36 million RTX 4090GPUs, respectively.
For KASUMI, the time-memory trade-off attacks of [ACC+24] can be performed with142 RTX 4090 GPUs instead of 2400 RTX 3090 GPUs or, when the same amount of GPUs are used, their table creation time can be reduced to 20.6 days from 348 days,crucial improvements for real world cryptanalytic tasks.
Attacks always get better; they never get worse. None of these is practical yet, and they might never be. But there are certainly more optimizations to come.
USN-7352-2: FreeType vulnerabilities
Read Time:42 Second
USN-7352-1 fixed a vulnerability in FreeType. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This
update also fixes an additional vulnerability in Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that FreeType incorrectly handled certain memory
operations when parsing font subglyph structures. A remote attacker could
use this issue to cause FreeType to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-27363)
Additional advisory details:
It was discovered that FreeType incorrectly handled certain memory
operations during typical execution. An attacker could possibly use
this issue to cause FreeType to crash, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-27406)