Security Leftovers
Ars Technica ☛ Hackers can unlock over 3 million hotel doors in seconds
Saflok has a fix for the vulnerability, but patching may take a long time.
Ghacks ☛ Brave no longer installs VPN Services on Windows for everyone
Brave Browser 1.64 does not install VPN services for all Windows users anymore, only for those who use the VPN.
Security updates for Thursday
Security updates have been issued by Debian (pdns-recursor and php-dompdf-svg-lib), Fedora (grub2, libreswan, rubygem-yard, and thunderbird), Mageia (libtiff and python-scipy), Red Hat (golang, nodejs, and nodejs:16), Slackware (python3), and Ubuntu (linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-azure, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-starfive, linux-starfive-6.5, linux-aws, linux-aws-5.15, linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-gcp, linux-gcp-4.15, linux-kvm, linux-laptop, linux-oem-6.1, and linux-raspi).
Security Week ☛ Microsoft Patches Xbox Vulnerability Following Public Disclosure
Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue.
CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
We have released the RDoc gem versions 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 that have a security fix for an RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.
CVE-2024-27280: Buffer overread vulnerability in StringIO
We have released the StringIO gem versions 3.0.1.1 and 3.0.1.2 that have a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.
Silicon Angle ☛ Enhancing open-source security: Collaborative strategies from OpenSSF
The issue of vulnerabilities in open-source components within software supply chains is increasingly attracting attention. For cybersecurity professionals, open source is often the supply chain segment where confidence in security measures is at its lowest.