Felix Wilhelm reported that several buffer handling functions in
libxml2, a library providing support to read, modify and write XML and
HTML files, don’t check for integer overflows, resulting in
out-of-bounds memory writes if specially crafted, multi-gigabyte XML
files are processed. An attacker can take advantage of this flaw for
denial of service or execution of arbitrary code.
Manfred Paul discovered two security issues in the Mozilla Firefox web
browser, which could result in the execution of arbitrary code.
Several flaws have been discovered in HTCondor, a distributed workload
management system, which allow users with only READ access to any daemon to use
a different authentication method than the administrator has specified. If the
administrator has configured the READ or WRITE methods to include CLAIMTOBE,
then it is possible to impersonate another user and submit or remove jobs.
mingw-pcre2-10.40-1.fc36
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
mingw-pcre2-10.40-1.fc35
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
“Google Maps Adds Shortcuts through Houses of People Google Knows Aren’t Home Right Now.”
Excellent satire.
For the past week and a half, Greenland’s health service has reportedly been struggling to recover from a cyber attack that has crippled its IT systems, causing long waiting times and forcing doctors to resort to using pen and paper instead of computers.
Read more in my article on the Hot for Security blog.
Ottawa government’s move follows similar bans in other English-speaking countries, citing potential security risks to 5G communications networks.
Enterprises can use CIS RAM v2.1 for IG3 to demonstrate that a risk is reasonable upon experiencing a breach.
