Felix Wilhelm reported that several buffer handling functions in
libxml2, a library providing support to read, modify and write XML and
HTML files, don’t check for integer overflows, resulting in
out-of-bounds memory writes if specially crafted, multi-gigabyte XML
files are processed. An attacker can take advantage of this flaw for
denial of service or execution of arbitrary code.
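The defect class the advisory describes is a size computation (current length plus bytes to append) that wraps around before it is used to size an allocation, so the following copy lands outside the buffer. The block below is an added illustration written for this digest, not libxml2's code or the fix Debian shipped: a small growable buffer whose append path checks every size addition against SIZE_MAX before performing it, placed beside the unchecked sum it replaces. The buffer type and function names are the example's own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative growable byte buffer (not a libxml2 type). */
typedef struct {
    unsigned char *data;
    size_t len;  /* bytes in use */
    size_t cap;  /* bytes allocated */
} buf_t;

/* The unchecked computation: len + extra silently wraps when the true
 * sum exceeds SIZE_MAX, yielding a small "needed" size. Returned for
 * comparison only; nothing here allocates or writes based on it. */
size_t naive_needed(size_t len, size_t extra)
{
    return len + extra;
}

/* Checked addition: stores a + b in *out and returns 0, or returns -1
 * when the sum would not fit in size_t. The comparison happens before
 * the addition, so the wrapped value is never produced. */
int checked_add(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return -1;
    *out = a + b;
    return 0;
}

/* Append src[0..n) to b, growing the allocation if needed. Every size
 * computation goes through checked_add; on overflow the buffer is left
 * unchanged and -1 is returned instead of a too-small realloc followed
 * by an out-of-bounds memcpy. */
int buf_append(buf_t *b, const unsigned char *src, size_t n)
{
    size_t needed;
    if (n == 0)
        return 0;
    if (checked_add(b->len, n, &needed) != 0)
        return -1;
    if (needed > b->cap) {
        /* Grow geometrically, falling back to the exact size when
         * doubling would itself overflow or still be too small. */
        size_t new_cap;
        if (checked_add(b->cap, b->cap, &new_cap) != 0 || new_cap < needed)
            new_cap = needed;
        unsigned char *p = realloc(b->data, new_cap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = new_cap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

void buf_free(buf_t *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}
```

The test below feeds an append length that would push the total past SIZE_MAX, the same condition a multi-gigabyte input can create on a 32-bit size_t; the checked path rejects it and leaves the buffer untouched, while the naive sum wraps to a tiny value.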
DSA-5143 firefox-esr – security update
Manfred Paul discovered two security issues in the Mozilla Firefox web
browser, which could result in the execution of arbitrary code.
DSA-5144 condor – security update
Several flaws have been discovered in HTCondor, a distributed workload
management system, which allow users with only READ access to any daemon to use
a different authentication method than the administrator has specified. If the
administrator has configured the READ or WRITE methods to include CLAIMTOBE,
then it is possible to impersonate another user and submit or remove jobs.
mingw-pcre2-10.40-1.fc36
FEDORA-2022-9c9691d058
Packages in this update:
mingw-pcre2-10.40-1.fc36
Update description:
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
mingw-pcre2-10.40-1.fc35
FEDORA-2022-19f4c34184
Packages in this update:
mingw-pcre2-10.40-1.fc35
Update description:
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
Friday Squid Blogging: Squid Street Art
The Onion on Google Map Surveillance
“Google Maps Adds Shortcuts through Houses of People Google Knows Aren’t Home Right Now.”
Excellent satire.
Greenland hit by cyber attack, finds its health service crippled
For the past week and a half, Greenland’s health service has reportedly been struggling to recover from a cyber attack that has crippled its IT systems, causing long waiting times and forcing doctors to resort to using pen and paper instead of computers.
Read more in my article on the Hot for Security blog.
Canada bans Huawei, ZTE in 5G networks
The Ottawa government’s move follows similar bans in other English-speaking countries, citing potential security risks to 5G communications networks.
Defining “Reasonable” Security with a Risk Assessment Method
Enterprises can use CIS RAM v2.1 for IG3 to demonstrate that a risk is reasonable upon experiencing a breach.