FEDORA-2024-c27e97ca79
Packages in this update:
nextcloud-28.0.3-1.fc38
Update description:
update to 28.0.3
fix CVE-2024-22403
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
It was discovered that insufficient restriction of unix daemon sockets
in the GNU Guix functional package manager could result in sandbox
bypass.
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.
chromium-124.0.6367.60-1.el9
update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
update to 123.0.6312.122
High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
What is the Akira Ransomware Attack?
The Akira ransomware attack has been actively and widely impacting businesses. According to a CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secured VPN or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with the .akira extension.
What is the recommended Mitigation?
Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.
What FortiGuard Coverage is available?
FortiGuard Labs has existing AV signatures (e.g. W64/Akira.C!tr.ransom) to block all the known malware variants used by the ransomware group and has blocked related IoCs via the Web filtering service.
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
Update golang-gvisor to 20240408.0
golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
Update golang-gvisor to 20240408.0