Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5671-1

Read More

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5670-1

Read More

It was discovered that insufficient restriction of unix daemon sockets
in the GNU Guix functional package manager could result in sandbox
bypass.

https://security-tracker.debian.org/tracker/DSA-5669-1

Read More

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5672-1

Read More

FEDORA-EPEL-2024-2bf39e0ba4

Packages in this update:

chromium-124.0.6367.60-1.el9

Update description:

update to 124.0.6367.60

High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI

update to 123.0.6312.122

High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn

Read More

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

https://security-tracker.debian.org/tracker/DSA-5668-1

Read More

What is the Akira Ransomware Attack?

The Akira ransomware attack has actively and widely impacting businesses. According to CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secured VPN or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with .akira extension.

What is the recommended Mitigation?

Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.

What FortiGuard Coverage is available?

FortiGuard Labs has existing AV signatures (i.e. W64/Akira.C!tr.ransom) to block all the known malware variants used by Ransomware group and has blocked related IoCs via Web filtering service.

Read More

FEDORA-2024-d652859efb

Packages in this update:

golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38

Update description:

Update golang-gvisor to 20240408.0

Read More

FEDORA-2024-9cc0e0c63e

Packages in this update:

golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39

Update description:

Update golang-gvisor to 20240408.0

Read More

FEDORA-2024-80e062d21a

Packages in this update:

golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40

Update description:

Update golang-gvisor to 20240408.0

Read More