Tux Machines


Security Bugs and Patches


Posted by Roy Schestowitz on Oct 10, 2022



Security updates for Monday



> Security updates have been issued by Debian (knot-resolver and libpgjava), Fedora (booth, dotnet3.1, expat, nheko, php-twig, php-twig2, php-twig3, poppler, python-joblib, and seamonkey), Mageia (colord, dbus, enlightenment, kitty, libvncserver, php, python3, and unbound), Slackware (libksba), SUSE (cyrus-sasl, ImageMagick, and xmlgraphics-commons), and Ubuntu (nginx and thunderbird).



Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067) [Ed: It would be better to just avoid JavaScript]



> Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications.



Zimbra remote code execution vulnerability actively exploited in the wild




Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352) [Ed: Way to distract from Exchange getting cracked by the thousands or millions (of accounts) due to Microsoft letting bug doors just stay there for ages]




