Security Bugs and Patches
-
Security updates for Monday
Security updates have been issued by Debian (knot-resolver and libpgjava), Fedora (booth, dotnet3.1, expat, nheko, php-twig, php-twig2, php-twig3, poppler, python-joblib, and seamonkey), Mageia (colord, dbus, enlightenment, kitty, libvncserver, php, python3, and unbound), Slackware (libksba), SUSE (cyrus-sasl, ImageMagick, and xmlgraphics-commons), and Ubuntu (nginx and thunderbird).
-
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067) [Ed: It would be better to just avoid JavaScript]
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications.
-
Zimbra remote code execution vulnerability actively exploited in the wild
-
Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352) [Ed: Way to distract from Exchange getting cracked by the thousands or millions (of accounts) due to Microsoft letting bug doors just stay there for ages]