Tag
#linux
Gentoo Linux Security Advisory 202406-1 - A vulnerability has been discovered in GLib, which can lead to privilege escalation. Versions greater than or equal to 2.78.6 are affected.
Red Hat Security Advisory 2024-4058-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-4052-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-4051-03 - An update for pki-core is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-4050-03 - An update for libreswan is now available for Red Hat Enterprise Linux 9.
A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates from Fuzhou, China, to support Beijing's intelligence
Red Hat Enterprise Linux 9.4 introduces the ability for centrally managed users to authenticate through passwordless authentication with a passkey, meaning it's an enterprise Linux distribution with Fast Identity Online 2 (FIDO2) authentication for centrally managed users! This is all built on the Identity Management solution already in Red Hat Enterprise Linux, but enhances product security by enabling passwordless, Multi-Factor Authentication (MFA), and Single Sign-On (SSO). What is Passkey? A passkey is a FIDO2 compatible device that can be used for user authentication. FIDO2 is an open authe
The Marvin Attack is a new side-channel attack on cryptographic implementations of RSA in which the attacker decrypts previously captured ciphertext by measuring, over a network, server response times to specially crafted messages. The attacker also may forge signatures with the same key as the one used for decryption. Red Hat published the principles and technical background of the Marvin Attack in September of 2023. Since that time, we have identified lots of other vulnerable implementations and have shipped fixes. Note that most of the CVEs in applications that use OpenSSL have only received
Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang," Positive Technologies researchers Vladislav Lunin and Alexander Badayev said in a technical report
Red Hat Security Advisory 2024-4036-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and use-after-free vulnerabilities.