Security Leftovers

posted by Roy Schestowitz on May 10, 2023

• WebKitGTK Arbitrary Code Execution, Info Disclosure Bugs Fixed - Update Now

  Several high-severity vulnerabilities have been found in the WebKitGTK web engine, including a use after free issue that may have been actively exploited (CVE-2023-28205).

  These bugs could result in the exposure of sensitive information and the execution of arbitrary code.

• Chromium 111.0.5563.147 compiled in OE

  Compiled Chromium in OpenEmbedded, bumping from 111.0.5563.64. Did an rsync with the EasyOS package repository, uploaded these:

  chromium-x11-111.0.5563.147-r1-nocona-64.tar.xz
  p11-kit-0.24.1-r2-nocona-64.tar.xz
  limine-4.20230503.0-r1-nocona-64.tar.xz
  

  I posted recently about the need to recompile 'p11-kit' (fix for flatpaks): [...]

• ‘Don’t Copy That Floppy’: The Untold History of Apple II Software Piracy

  A computer historian tells the story of one of the earliest copy protection battles of the personal computer era.

• PHP Vuln Threatens Confidentiality of Impacted Systems

  It was recently discovered that PHP could be made to bypass password checking if a specially crafted input was provided (CVE-2023-0567).

  This flaw could possibly allow applications to accept any password as valid, contrary to expectations, potentially leading to the compromise of critical systems and sensitive information.

• How to hack a smart fridge [Ed: Nobody needs a fridge that connected to WiFi]

  Do you know how many internet-connected devices there are inside your home? I certainly don’t.