Latest News

Red Hat Security Advisory 2024-8315-03 - Logging for Red Hat OpenShift - 5.9.8.

Red Hat Security Advisory 2024-8314-03 - Logging for Red Hat OpenShift - 6.0.1.

### Impact A remote client may send a request that is exactly `recv_bytes` (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. ### Patches Waitress 3.0.1 fixes the race condition. ### Workarounds Disable `channel_request_lookahead`, this is set to `0` by default disabling this feature. For this vulnerability this value is required to be changed from the default. ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com...

### Summary A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. ### Details By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. ### PoC 1. Administrator creates "disallow-privileged-containers" ClusterPolicy that applies to resources in the namespace "ubuntu-restricted" 2. Cluster user creates a PolicyException object for "disallow-privileged-containers" in namespace "ubuntu-restricted" 3. Cluster user creates a pod with a privileged container in "ubuntu-restricted" 4. Cluster user escalates to root on the node from the privileged container ### Impact Administrators attempting to enforce cluster security through kyverno policies, but that allow less privileged users to create resources

A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide.

### Impact When a remote client closes the connection before waitress has had the opportunity to call `getpeername()` waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. ### Patches Waitress 3.0.1 contains fixes that remove the race condition. ### Workarounds No work-around. ### References - https://github.com/Pylons/waitress/issues/418 - https://github.com/Pylons/waitress/pull/435

Great CISOs are in short supply, so choose wisely. Here are five ways to make sure you've made the right pick.

Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention.

Custom generative AI solutions have the potential to transform industries, equipping businesses to reach their goals with exceptional…

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the