Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Linux Kernel Project Drops 11 Russian Developers Amid US Sanctions Concerns

Linux Foundation removes 11 Russian developers from the Linux kernel project due to U.S. sanctions. Linus Torvalds confirms…

HackRead
#linux#git#intel#acer#auth
Red Hat Security Advisory 2024-8461-03

Red Hat Security Advisory 2024-8461-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-8455-03

Red Hat Security Advisory 2024-8455-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-8449-03

Red Hat Security Advisory 2024-8449-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-8447-03

Red Hat Security Advisory 2024-8447-03 - An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Security Advisory 2024-8446-03

Red Hat Security Advisory 2024-8446-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

FIPS 140-3 changes for PKCS #12

With the planned release of Red Hat Enterprise Linux (RHEL) 10 in 2025, the PKCS #12 (Public-Key Cryptography Standards #12) files created in FIPS mode now use Federal Information Processing Standard (FIPS) cryptography by default. In other words, PKCS #12 files allow for backup or easy transfer of keying material between RHEL systems using FIPS approved algorithms.What are PKCS #12 files?PKCS #12 is currently defined by RFC 7292 and is a format for storing and transferring private keys, certificates, and miscellaneous secrets. Typically, PKCS #12 is used for transferring private RSA, EdDSA, o

GHSA-3pg4-qwc8-426r: OpenRefine leaks Google API credentials in releases

### Impact OpenRefine releases contain Google API authentication keys ("client id" and "client secret") which can be extracted from released artifacts. For instance, download the package for OpenRefine 3.8.2 on linux. It contains the file `openrefine-3.8.2/webapp/extensions/gdata/module/MOD-INF/lib/openrefine-gdata.jar`, which can be extracted. This archive then contains the file `com/google/refine/extension/gdata/GoogleAPIExtension.java`, which contains the following lines: ```java // For a production release, the second parameter (default value) can be set // for the following three properties (client_id, client_secret, and API key) to // the production values from the Google API console private static final String CLIENT_ID = System.getProperty("ext.gdata.clientid", new String(Base64.getDecoder().decode("ODk1NTU1ODQzNjMwLWhkZWwyN3NxMDM5ZjFwMmZ0aGE2M2VvcWFpY2JwamZoLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t"))); private static final String CLIENT_SECRET = System.getPro...

Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game

North Korean hackers from Lazarus Group exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors with…

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure

ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.