#linux

Red Hat Security Advisory 2024-1678-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: - `whoami::username` - `whoami::realname` - `whoami::username_os` - `whoami::realname_os` With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the `passwd` struct on those platforms. As a result of this issue, denial of service and data corruption have both been observed in the wild. The issue is possibly exploitable as well. This vulnerability also affects other Unix platforms that aren't Linux or macOS. This issue has been addressed in whoami 1.5.0. For more information, see [this GitHub issue](https://github.com/ardaku/whoami/issues/91).

Improving security in the applications that drive the digital economy is a necessary undertaking, requiring ongoing collaboration between the public and private sectors.

A Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company.

By Waqas Another day, another malware threat! This is a post from HackRead.com Read the original post: New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators

An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.

Debian Linux Security Advisory 5654-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.

Red Hat Security Advisory 2024-1653-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.