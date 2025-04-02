news
Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (freetype, grub2, kernel, kernel-rt, and python-jinja2), Debian (freetype, linux-6.1, suricata, tzdata, and varnish), Fedora (mingw-libxslt and qgis), Mageia (elfutils, mercurial, and zvbi), Oracle (grafana, kernel, libxslt, nginx:1.22, and postgresql:12), Red Hat (opentelemetry-collector), SUSE (corosync, opera, and restic), and Ubuntu (aom, libtar, mariadb, ovn, php7.4, php8.1, php8.3, rabbitmq-server, and webkit2gtk).
-
The New Stack ☛ How Linux Kernel Deals With Tracking CVE Security Issues
Like it or not, we depend on Common Vulnerabilities and Exposures (CVE) bulletins to track security problems. These, in turn, are assigned by CVE Naming Authorities (CNA). Who runs those, you ask? Well, soon, if you, your open-source project, or project will. Ready? Probably not.
CVEs are standardized identifiers for security vulnerabilities, and CNAs are entities authorized to assign these identifiers. Traditionally, companies like Red Hat and Oracle managed CVEs for open-source projects. This approach always has the problem that vendors, of course, focused on the vulnerabilities relevant to their products.
-
Security Week ☛ CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability
Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161.
-
Security Week ☛ Apple Patches Recent Zero-Days in Older iPhones
Apple has released a hefty round of security updates for its desktop and mobile products, patching two recent zero-days in older iPhone models.
-
Scoop News Group ☛ Apple issues fixes for vulnerabilities in both old and new OS versions
The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.
-
Security Week ☛ Critical Vulnerability Found in Canon Printer Drivers
Microsoft’s offensive security team warned Canon about a critical code execution vulnerability in printer drivers.