Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (coreutils, galera and mariadb11.8, giflib, git-lfs, glibc, httpd, kernel, mariadb10.11, mod_md, perl-Archive-Tar, perl-IO-Compress, perl:5.32, rrdtool, ruby, ruby4.0, and thunderbird), Debian (debian-security-support, librabbitmq, and nginx), Fedora (chromium, collectd, maradns, python-django-haystack, python-jupytext, varnish, varnish-modules, and vmod-querystring), Oracle (firefox, git-lfs, kernel, nginx:1.24, openssl, perl-Archive-Tar, perl-IO-Compress, and uek-kernel), Red Hat (container-tools:rhel8), SUSE (7zip, apache2, buildah, cifs-utils, curl, docker, exiv2-0_26, libonnxruntime1, libsoup, nodejs22, opensc, pacemaker, perl-Config-IniFiles, podman, sg3_utils, socat, tar, tracker, and xdg-desktop-portal), and Ubuntu (curl, hplip, libgd-perl, libssh2, libyang, ruby2.7, ruby3.0, ruby3.2, ruby3.3, and tar).
-
Security Week ☛ Google Patches 382 Chrome Vulnerabilities
Fifteen of the newly patched flaws have been rated ‘critical’ and 67 have been rated ‘high severity’.
-
Security Week ☛ Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack
Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug.
-
Support for Istio 1.28 has ended
As previously announced, support for Istio 1.28 has now officially ended.
-
Announcing Istio 1.28.10
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.28.9 and 1.28.10.
-
Security Week ☛ Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities
Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution.
-
Federal News Network ☛ Satellites are America’s invisible lifeline. Congress must secure them now.
We don’t need to wait for a major crisis to strengthen SATCOM cybersecurity. Congress already has a bipartisan roadmap in front of it.
-
Security Week ☛ Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari
The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users.
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Massive Password Spray Campaign Targeting Microsoft trap Azure CLI
Hackers were seen making over 81 million login attempts originating from systems associated with hosting provider LSHIY.
-