Security Leftovers

posted by Roy Schestowitz on Nov 23, 2024

• PCLOS Official ☛ PCLinuxOS Recent Updates

  inkscape-1.4-2mtools-4.0.46cmake-3.31.1chromium-browser-130.0.6723.116chromium-ungoogled-browser-131.0.6778.85microsoft-edge-browser-131.0.2903.51opera-browser-114.0.5282.185vivaldi-browser-7.0.3495.18

• Linux Magazine ☛ New Linux Kernel Patch Allows Forcing a CPU Mitigation

  Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.

• LWN ☛ Security updates for Friday

  Security updates have been issued by Debian (postgresql-13, postgresql-15, and webkit2gtk), Fedora (libsndfile, microcode_ctl, and trafficserver), Mageia (kanboard, kernel, kmod-xtables-addons, kmod-virtualbox, and bluez, kernel-linus, opendmarc, and radare2), Oracle (.NET 9.0, bubblewrap and flatpak, buildah, expat, firefox, grafana, grafana-pcp, kernel, krb5, libsoup, libvpx, NetworkManager-libreswan, openexr, pcp, python3.11, python3.11-urllib3, python3.12, python3.9, squid, thunderbird, tigervnc, and webkit2gtk3), Red Hat (.NET 9.0, binutils, expat, grafana-pcp, kernel, libsoup, NetworkManager-libreswan, openexr, python3.11, python3.12, python39:3.9, squid, tigervnc, and webkit2gtk3), SUSE (chromedriver, cobbler, govulncheck-vulndb, and icinga2), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8, python2.7, and zbar).

• New York Times ☛ China’s Hacking Reached Deep Into U.S. Telecoms

  The chairman of the Senate Intelligence Committee said hackers listened to phone calls and read texts by exploiting aging equipment and seams in the networks that connect systems.

• Scoop News Group ☛ Stronger cyber protections in health care targeted in new Senate bill

  The bipartisan legislation from four senators is aimed at strengthening providers’ cyber defenses and protecting Americans’ health data.

• Federal News Network ☛ How should software producers be held accountable for shoddy cybersecurity products?

  Richard Beutel, a senior researcher for the Baroni Center for Government Contracting, explains the concerns about a new White House cyber proposal.

• Federal News Network ☛ Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

  As the Cybersecurity Maturity Model Certification program inches closer to reality, DoD prepares defense industrial base for compliance requirements.

• Cyber Security News ☛ Multiple Linux Kernel Vulnerabilities In Defer Partition Scanning Patched

  The Linux kernel development team has recently addressed two significant vulnerabilities affecting various versions of the Linux operating system.

  These security issues, discovered in the kernel’s handling of NVMe multipath (CVE-2024-53093) and RDMA/siw (CVE-2024-53094) functionality, have been patched to prevent potential system instabilities and security risks.