Security Leftovers
-
Ars Technica ☛ Hackers can unlock over 3 million hotel doors in seconds
Saflok has a fix for the vulnerability, but patching may take a long time.
-
Ghacks ☛ Brave no longer installs VPN Services on Windows for everyone
Brave Browser 1.64 does not install VPN services for all Windows users anymore, only for those who use the VPN.
-
Security updates for Thursday
Security updates have been issued by Debian (pdns-recursor and php-dompdf-svg-lib), Fedora (grub2, libreswan, rubygem-yard, and thunderbird), Mageia (libtiff and python-scipy), Red Hat (golang, nodejs, and nodejs:16), Slackware (python3), and Ubuntu (linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-azure, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-starfive, linux-starfive-6.5, linux-aws, linux-aws-5.15, linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-gcp, linux-gcp-4.15, linux-kvm, linux-laptop, linux-oem-6.1, and linux-raspi).
-
Security Week ☛ Microsoft Patches Xbox Vulnerability Following Public Disclosure
Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue.
-
CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
We have released the RDoc gem versions 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 that have a security fix for an RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.
-
CVE-2024-27280: Buffer overread vulnerability in StringIO
We have released the StringIO gem versions 3.0.1.1 and 3.0.1.2 that have a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.
-
Silicon Angle ☛ Enhancing open-source security: Collaborative strategies from OpenSSF
The issue of vulnerabilities in open-source components within software supply chains is increasingly attracting attention. For cybersecurity professionals, open source is often the supply chain segment where confidence in security measures is at its lowest.