Post Content
GLSA 202408-04: Levenshtein: Remote Code Execution
GLSA 202408-05: Redis: Multiple Vulnerabilities
GLSA 202408-03: libXpm: Multiple Vulnerabilities
thunderbird-115.14.0-1.fc39
FEDORA-2024-7fe5206574
Packages in this update:
thunderbird-115.14.0-1.fc39
Update description:
Update to 115.14.0
https://www.thunderbird.net/en-US/thunderbird/115.14.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/
thunderbird-115.14.0-1.fc40
FEDORA-2024-a060f26e22
Packages in this update:
thunderbird-115.14.0-1.fc40
Update description:
Update to 115.14.0
https://www.thunderbird.net/en-US/thunderbird/115.14.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/
FTC warns consumers of scammers offering to remove all negative information from credit reports
Are you eager for your credit report to be “cleaned-up” so lenders and landlords will have a better opinion of your financial responsibility and creditworthiness?
You might be wise to read my article on the Hot for Security blog.
USN-6946-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain strings in
floatformat function. An attacker could possibly use this issue to
cause a memory exhaustion. (CVE-2024-41989)
It was discovered that Django incorrectly handled very large inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2024-41990)
It was discovered that Django in AdminURLFieldWidget incorrectly
handled certain inputs with a very large number of Unicode characters.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2024-41991)
It was discovered that Django incorrectly handled certain JSON objects.
An attacker could possibly use this issue to cause a potential SQL
injection. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04
LTS. (CVE-2024-42005)
USN-6945-1: wpa_supplicant and hostapd vulnerability
Rory McNamara discovered that wpa_supplicant could be made to load
arbitrary shared objects by unprivileged users that have access to
the control interface. An attacker could use this to escalate privileges
to root.
The AI Fix #10: An AI cookery dumpster fire, the ARC prize, and a creepy new AI friend
In episode ten of “The AI Fix” podcast, Graham attempts to say “quinoa”, Mark draws a line in the amper-sand, ChatGPT becomes an expert in solar panels and bomb disposal, and our hosts watch a terrifying tailer for a creepy new AI friend.
Graham discovers that the world of AI cookery is a soggy, limey mess, and learns an unusual trick for making a great mojito, while Mark pits his co-host against the cleverest AI brains in the world.