Security Leftovers
-
Reproducible Builds (diffoscope): diffoscope 224 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 224. This version includes the following changes:
[ Mattia Rizzolo ] * Fix rlib test failure with LLVM 15. Thanks to Gianfranco Costamagna (locutusofborg) for the patch.
-
iTWire - New firm aims to help Huawei avoid US sanctions: claim
A chip start-up known as Pengxinwei IC Manufacturing based in Shenzhen is allegedly aiming to help Huawei Technologies get around American sanctions that have crippled its smartphone business, the Bloomberg news agency claims.
The start-up is run by a former Huawei employee, Bloomberg said on Thursday, adding that the firm was receiving support from Huawei to order chipmaking gear which it hopes to obtain by the first half of 2023.
However, as Bloomberg admitted, Pengxinwei had not yet got off the ground, making a great deal of its extremely lengthy report speculative.
-
Hackers exploiting unpatched RCE bug in Zimbra Collaboration Suite [Ed: A patch has been out for ages]
Hackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS), a widely deployed web client and email server.
-
Researchers Warn of Unpatched, Actively Exploited Zimbra Flaw | Decipher [Ed: Patched ages ago]
A critical-severity, remote code execution vulnerability in Zimbra’s enterprise collaboration software and email platform is being actively exploited, with no patch currently available for the issue, warn researchers.
-
Security updates for Friday
Security updates have been issued by Debian (dbus, isc-dhcp, and strongswan), Fedora (booth, php, php-twig, php-twig2, and php-twig3), Oracle (expat, prometheus-jmx-exporter, and squid), Red Hat (expat, openvswitch2.11, and squid), Scientific Linux (expat and squid), SUSE (exiv2, LibVNCServer, postgresql-jdbc, protobuf, python-PyJWT, python3, slurm, squid, and webkit2gtk3), and Ubuntu (libreoffice).
-
FBI and CISA Publish a PSA on Information Manipulation Tactics for 2022 Midterm Elections [Ed: Country that engages in election meddling all around the world claims to be protecting integrity of elections]
The PSA also describes the extensive safeguards in place to protect election infrastructure and includes recommendations to assist the public in understanding how to find trustworthy sources of election-related information.
-
Spectro Cloud Strengthens Kubernetes Security at the Network Edge