Security Leftovers
-
-
Security updates for Wednesday
Security updates have been issued by Debian (gtkwave), Fedora (dotnet7.0, dotnet8.0, and python-pillow), Mageia (apache, gstreamer1.0, libreoffice, perl-Data-UUID, and xen), Oracle (kernel, kernel-container, and varnish), Red Hat (edk2, kernel, rear, and unbound), SUSE (apache2-mod_jk, gnutls, less, and xfig), and Ubuntu (bind9, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-starfive, linux-starfive-6.5, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-raspi, linux-azure, and xorg-server, xwayland).
-
Ubuntu Pit ☛ 8 Best GNU/Linux Secure Phones for Privacy and Security
The definition of online privacy has been expanded to include many more elements beyond the basic definition. With today’s advanced Internet technology, having “privacy” is no longer simple. In fact, it is about being able to have much more control over the information that others can access about you and your activities.
-
Red Hat Official ☛ Understanding the Red Bait security impact scale
Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of our process in this article. Is this a CVE? First and foremost, what is a CVE? Short for Common Vulnerabilities and Exposures, it is a list of publicly disclosed computer security flaws. Learn more in this Red Bait post. To receive a severity rating, the issue needs to be a CVE.
-
Neowin ☛ Linux vs backdoored Windows AES performance to be intriguing as Surveillance Giant Google boosts AMD and Intel
AMD and defective chip maker Intel modern processors just got big boosts in performance thanks to various implementations of AES-XTS that help in disk encryption. For example, backdoored Windows BitLocker uses AES-XTS-128.
-
Krebs On Security ☛ Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets.
-
XSAs released on 2024-04-09
The Xen Project has released one or more Xen security advisories (XSAs).
-
QSB-102: Multiple speculative-execution vulnerabilities: Spectre-BHB, BTC/SRSO (XSA-455, XSA-456)
We have published Qubes Security Bulletin (QSB) 102: Multiple speculative-execution vulnerabilities: Spectre-BHB, BTC/SRSO (XSA-455, XSA-456). The text of this QSB and its accompanying cryptographic signatures are reproduced below, followed by a general explanation of this announcement and authentication instructions.
[...]
You can also verify the signatures directly from this announcement in addition to or instead of verifying the files from the qubes-secpack. Simply copy and paste the QSB-102 text into a plain text file and do the same for both signature files. Then, perform the same authentication steps as listed above, substituting the filenames above with the names of the files you just created.
-