Security Leftovers
Patch Squid Vulnerabilities Affecting Ubuntu 16.04/18.04
Several security issues were discovered in Squid, a web proxy cache server. These vulnerabilities have a high severity score and could lead to denial of service or exposure of sensitive information. The good news is that they have been addressed in the new version, and upgrading the Squid package is strongly recommended. Canonical has also released security updates to address Squid vulnerabilities in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM releases.
Dark Reading ☛ The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development
Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs." Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development and underscores the urgent need for formalized industry education and training programs.
NVISO Labs ☛ Punch Card Hacking – Exploring a Mainframe Attack Vector
Mainframes are the unseen workhorses that carry the load for many services we use on a daily basis: Withdrawing money from an ATM, credit card payments, and airline reservations to name just a few of the high volume workloads that are primarily handled by mainframes.
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (kernel), Fedora (erlang-jose, mingw-python-certifi, and yt-dlp), Mageia (firefox, nss, libreoffice, sendmail, and tomcat), Red Hat (firefox, ghostscript, git-lfs, kernel, kernel-rt, ruby, and skopeo), SUSE (Botan, cockpit, kernel, nodejs18, p7zip, python3, and tomcat), and Ubuntu (ghostscript, linux, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-azure-6.5, linux-gcp-6.5, and linux-gke, linux-nvidia).
Security Week ☛ Hackers Exploit Flaw in Squarespace Migration to Hijack Domains
Hackers exploited a flaw to hijack cryptocurrency domains that were migrated from Surveillance Giant Google Domains to Squarespace.
CVE-2024-39908 : DoS in REXML
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.
When it parses an XML that has many specific characters such as `<`, `0` and `%>`, the REXML gem may take a long time.