Read Time:6 Second
Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites
USN-7154-1: Linux kernel vulnerabilities
Read Time:8 Minute, 5 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– MIPS architecture;
– PowerPC architecture;
– RISC-V architecture;
– S390 architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Block layer subsystem;
– Android drivers;
– ATM drivers;
– Drivers core;
– Ublk userspace block driver;
– Bluetooth drivers;
– Character device driver;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– DMA engine subsystem;
– Qualcomm firmware drivers;
– GPIO subsystem;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I2C subsystem;
– I3C subsystem;
– IIO subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Input Device (Miscellaneous) drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– LED subsystem;
– Mailbox framework;
– Multiple devices driver;
– Media drivers;
– Fastrpc Driver;
– VMware VMCI Driver;
– MMC subsystem;
– Ethernet bonding driver;
– Network drivers;
– Mellanox network drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– Device tree and open firmware driver;
– Parport drivers;
– PCI subsystem;
– Pin controllers subsystem;
– x86 platform drivers;
– Power supply drivers;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI subsystem;
– QCOM SoC drivers;
– SPI subsystem;
– Direct Digital Synthesis drivers;
– Thunderbolt and USB4 drivers;
– TTY drivers;
– UFS subsystem;
– Userspace I/O drivers;
– DesignWare USB3 driver;
– USB Gadget drivers;
– USB Host Controller drivers;
– USB Type-C Connector System Software Interface driver;
– USB over IP driver;
– Virtio Host (VHOST) subsystem;
– Framebuffer layer;
– Xen hypervisor drivers;
– File systems infrastructure;
– BTRFS file system;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– Network file systems library;
– Network file system (NFS) client;
– Network file system (NFS) server daemon;
– NILFS2 file system;
– File system notification infrastructure;
– NTFS3 file system;
– Proc file system;
– SMB network file system;
– Tracing file system;
– Bitmap API;
– BPF subsystem;
– Memory Management;
– Objagg library;
– Perf events;
– Virtio network driver;
– VMware vSockets driver;
– KCM (Kernel Connection Multiplexor) sockets driver;
– Control group (cgroup);
– DMA mapping infrastructure;
– Locking primitives;
– Padata parallel execution mechanism;
– Scheduler infrastructure;
– Tracing infrastructure;
– Radix Tree data structure library;
– Kernel userspace event delivery library;
– KUnit for arithmetic overflow checks;
– Memory management;
– Bluetooth subsystem;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– Ethtool driver;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Network traffic control;
– SCTP protocol;
– TIPC protocol;
– Wireless networking;
– AppArmor security module;
– Landlock security;
– SELinux security module;
– Simplified Mandatory Access Control Kernel framework;
– FireWire sound drivers;
– AMD SoC Alsa drivers;
– Texas InstrumentS Audio (ASoC/HDA) drivers;
– SoC Audio for Freescale CPUs drivers;
– Intel ASoC drivers;
– Amlogic Meson SoC drivers;
– SoC audio core drivers;
– USB sound devices;
– Real-Time Linux Analysis tools;
(CVE-2024-46783, CVE-2024-44960, CVE-2024-46743, CVE-2024-45009,
CVE-2024-43820, CVE-2024-43888, CVE-2024-45010, CVE-2024-43839,
CVE-2024-42304, CVE-2024-43846, CVE-2024-42258, CVE-2024-45005,
CVE-2024-46709, CVE-2024-46774, CVE-2024-43883, CVE-2024-43859,
CVE-2024-46721, CVE-2024-44944, CVE-2024-43913, CVE-2024-43843,
CVE-2024-43845, CVE-2024-45018, CVE-2024-43909, CVE-2024-46755,
CVE-2024-42284, CVE-2024-42301, CVE-2024-46779, CVE-2024-44971,
CVE-2024-46711, CVE-2024-43889, CVE-2024-46842, CVE-2024-44978,
CVE-2024-46803, CVE-2024-42277, CVE-2024-43892, CVE-2024-45019,
CVE-2024-44988, CVE-2024-46798, CVE-2024-44995, CVE-2024-43860,
CVE-2024-46762, CVE-2024-43831, CVE-2024-44990, CVE-2024-46845,
CVE-2024-46765, CVE-2024-45012, CVE-2024-44975, CVE-2024-46770,
CVE-2024-46802, CVE-2024-44970, CVE-2024-46691, CVE-2024-43833,
CVE-2024-43876, CVE-2024-42292, CVE-2024-42291, CVE-2024-43891,
CVE-2024-46788, CVE-2024-44938, CVE-2024-46710, CVE-2024-42272,
CVE-2024-43868, CVE-2024-43875, CVE-2024-45030, CVE-2024-46689,
CVE-2024-46859, CVE-2024-46795, CVE-2024-46683, CVE-2024-44999,
CVE-2024-44942, CVE-2024-47669, CVE-2024-42318, CVE-2024-43911,
CVE-2024-46693, CVE-2024-42296, CVE-2024-43894, CVE-2024-45002,
CVE-2024-46673, CVE-2024-46852, CVE-2024-45001, CVE-2024-43907,
CVE-2024-42319, CVE-2024-44972, CVE-2024-43905, CVE-2024-45028,
CVE-2024-46816, CVE-2024-46847, CVE-2024-46834, CVE-2024-44982,
CVE-2024-46807, CVE-2024-44948, CVE-2024-46685, CVE-2024-46811,
CVE-2024-42317, CVE-2024-43818, CVE-2024-46786, CVE-2024-43881,
CVE-2024-42294, CVE-2024-46708, CVE-2024-42285, CVE-2024-44941,
CVE-2024-43823, CVE-2024-46694, CVE-2024-46730, CVE-2024-42259,
CVE-2024-42270, CVE-2024-47658, CVE-2024-46718, CVE-2024-44947,
CVE-2024-46701, CVE-2024-43895, CVE-2024-43890, CVE-2024-46826,
CVE-2024-46687, CVE-2024-46768, CVE-2024-45025, CVE-2024-42267,
CVE-2024-42263, CVE-2024-44958, CVE-2024-44989, CVE-2024-43906,
CVE-2024-43869, CVE-2024-43887, CVE-2024-42297, CVE-2024-46702,
CVE-2024-42320, CVE-2024-42322, CVE-2024-46857, CVE-2024-43861,
CVE-2024-45008, CVE-2024-44969, CVE-2024-46821, CVE-2024-44967,
CVE-2024-43914, CVE-2024-46870, CVE-2024-46781, CVE-2024-43842,
CVE-2024-47665, CVE-2024-46753, CVE-2024-43866, CVE-2024-43886,
CVE-2024-44939, CVE-2024-42312, CVE-2024-46864, CVE-2024-46695,
CVE-2024-46818, CVE-2024-45006, CVE-2024-43841, CVE-2024-46703,
CVE-2024-46749, CVE-2024-44986, CVE-2024-46717, CVE-2024-42273,
CVE-2024-43856, CVE-2024-46777, CVE-2024-44984, CVE-2024-46719,
CVE-2024-46858, CVE-2024-43821, CVE-2024-46750, CVE-2024-43829,
CVE-2024-43817, CVE-2024-42281, CVE-2024-42287, CVE-2024-45007,
CVE-2024-46793, CVE-2024-45003, CVE-2024-45011, CVE-2024-47683,
CVE-2024-44934, CVE-2024-46722, CVE-2024-46860, CVE-2024-42314,
CVE-2024-46675, CVE-2024-43899, CVE-2024-46752, CVE-2024-46851,
CVE-2024-42310, CVE-2024-46853, CVE-2024-39472, CVE-2024-43837,
CVE-2024-45021, CVE-2024-46713, CVE-2024-44943, CVE-2024-46787,
CVE-2024-43893, CVE-2024-44946, CVE-2024-45026, CVE-2024-44996,
CVE-2024-46761, CVE-2024-46723, CVE-2024-42311, CVE-2024-42316,
CVE-2024-47663, CVE-2024-44940, CVE-2024-43867, CVE-2024-42265,
CVE-2024-44950, CVE-2024-46867, CVE-2024-45020, CVE-2024-46707,
CVE-2024-44966, CVE-2024-42309, CVE-2024-46767, CVE-2024-46758,
CVE-2024-46732, CVE-2024-42262, CVE-2024-46778, CVE-2024-43884,
CVE-2024-44991, CVE-2024-47668, CVE-2024-46698, CVE-2024-46825,
CVE-2024-42302, CVE-2024-46716, CVE-2024-46726, CVE-2024-43870,
CVE-2024-42307, CVE-2024-46830, CVE-2024-43910, CVE-2024-46735,
CVE-2024-43828, CVE-2024-43904, CVE-2024-44965, CVE-2024-46831,
CVE-2024-44979, CVE-2024-44961, CVE-2024-46771, CVE-2024-46844,
CVE-2024-46871, CVE-2024-43877, CVE-2024-46746, CVE-2024-44987,
CVE-2024-46676, CVE-2024-46766, CVE-2024-46731, CVE-2024-46810,
CVE-2024-46806, CVE-2024-45000, CVE-2024-42313, CVE-2024-45015,
CVE-2024-46784, CVE-2024-43834, CVE-2024-46737, CVE-2024-46797,
CVE-2024-43908, CVE-2024-46724, CVE-2024-44980, CVE-2024-43847,
CVE-2024-46679, CVE-2024-46681, CVE-2024-43819, CVE-2024-46776,
CVE-2024-44954, CVE-2024-45022, CVE-2024-46819, CVE-2024-46775,
CVE-2024-43824, CVE-2024-44953, CVE-2024-46759, CVE-2024-43873,
CVE-2024-46756, CVE-2024-42303, CVE-2024-46738, CVE-2024-42290,
CVE-2024-42295, CVE-2024-43849, CVE-2024-44931, CVE-2024-46741,
CVE-2024-43863, CVE-2024-44974, CVE-2024-46829, CVE-2024-44959,
CVE-2024-42315, CVE-2024-44983, CVE-2024-46715, CVE-2024-46697,
CVE-2024-43850, CVE-2024-46728, CVE-2024-44963, CVE-2024-46823,
CVE-2024-46692, CVE-2024-46760, CVE-2024-46705, CVE-2024-42261,
CVE-2024-42321, CVE-2024-46785, CVE-2024-46686, CVE-2024-49984,
CVE-2024-46706, CVE-2024-45029, CVE-2024-46809, CVE-2024-43827,
CVE-2024-44998, CVE-2024-47667, CVE-2024-43835, CVE-2024-46866,
CVE-2024-46841, CVE-2024-42286, CVE-2024-43852, CVE-2024-43832,
CVE-2024-46773, CVE-2024-46817, CVE-2024-46868, CVE-2024-46812,
CVE-2024-47660, CVE-2024-46725, CVE-2024-42288, CVE-2024-46824,
CVE-2024-42269, CVE-2024-44957, CVE-2024-45017, CVE-2024-46747,
CVE-2024-47662, CVE-2024-46843, CVE-2024-46849, CVE-2024-43879,
CVE-2024-46751, CVE-2024-42298, CVE-2024-46861, CVE-2024-44993,
CVE-2024-46729, CVE-2024-46846, CVE-2024-46794, CVE-2024-43826,
CVE-2024-44973, CVE-2024-46672, CVE-2024-44985, CVE-2024-46815,
CVE-2024-46822, CVE-2024-46754, CVE-2024-43854, CVE-2024-42278,
CVE-2024-46720, CVE-2024-46677, CVE-2024-46854, CVE-2024-43840,
CVE-2024-43830, CVE-2024-46804, CVE-2024-45013, CVE-2024-46782,
CVE-2024-46840, CVE-2024-44977, CVE-2024-46838, CVE-2024-42264,
CVE-2024-47661, CVE-2024-43857, CVE-2023-52918, CVE-2024-44935,
CVE-2024-46739, CVE-2024-43825, CVE-2024-43864, CVE-2024-47659,
CVE-2024-42260, CVE-2024-44962, CVE-2024-46835, CVE-2024-43871,
CVE-2024-47674, CVE-2024-46827, CVE-2024-42283, CVE-2024-42299,
CVE-2024-46714, CVE-2024-46740, CVE-2024-46680, CVE-2024-46791,
CVE-2024-43912, CVE-2024-46813, CVE-2024-46733, CVE-2024-47664,
CVE-2024-42279, CVE-2024-46850, CVE-2024-42289, CVE-2024-46808,
CVE-2024-43880, CVE-2024-46832, CVE-2024-42276, CVE-2024-44937,
CVE-2024-42274, CVE-2024-46772, CVE-2024-47666, CVE-2024-44956,
CVE-2024-46763, CVE-2024-46805, CVE-2023-52889, CVE-2024-46678,
CVE-2024-43902, CVE-2024-46757, CVE-2024-46792, CVE-2024-42268,
CVE-2024-43853, CVE-2024-45027, CVE-2024-42305, CVE-2024-46828,
CVE-2024-43900, CVE-2024-46848, CVE-2024-46814, CVE-2024-46855,
CVE-2024-46727, CVE-2024-46836, CVE-2024-46744, CVE-2024-46780,
CVE-2024-46745, CVE-2024-42306)
subversion-1.14.5-1.fc41
Read Time:22 Second
FEDORA-2024-93e88b1c0d
Packages in this update:
subversion-1.14.5-1.fc41
Update description:
This release contains a fix for a security issue: CVE-2024-46901
See https://subversion.apache.org/security/CVE-2024-46901-advisory.txt for more information.
Changes in this release are:
Fix printf-format build warnings in swig-rb (r1921264)
Add a regression test for CVE-2024-45720 (r1921266)
Make swig-py compatible with SWIG 4.3.0 (r1921505)
Remcos RAT Malware Evolves with New Techniques
Read Time:7 Second
Cyber-attacks involving Remcos RAT surged in Q3 2024, enabling attackers to control victim machines remotely, steal data and carry out espionage
USN-7153-1: PHP vulnerability
Read Time:11 Second
It was discovered that PHP incorrectly handled long string inputs
in two database drivers. An attacker could possibly use this
issue to write files in locations they would not normally have
access to. (CVE-2024-11236)
Doughnut orders disrupted! Krispy Kreme suffers hack attack
Read Time:15 Second
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States.
Read more in my article on the Hot for Security blog.
27 DDoS-for-hire services disrupted in run-up to holiday season
Read Time:13 Second
Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen “booter” or “stresser” websites offline.
Read more in my article on the Tripwire State of Security blog.
retsnoop-0.10.1-1.el8
Read Time:9 Second
FEDORA-EPEL-2024-d21693152c
Packages in this update:
retsnoop-0.10.1-1.el8
Update description:
Update retsnoop to the latest version and build against the fixed ruzstd
Lookout Discovers New Spyware Deployed by Russia and China
Read Time:7 Second
Russian-made spyware BoneSpy and PlainGnome target former Soviet states, while public security bureaus in mainland China use Chinese surveillance tool EagleMsgSpy
Insurance Worker Sentenced After Illegally Accessing Claimants’ Data
Read Time:4 Second
An insurance employee has been handed a suspended sentence after illegally accessing personal information