#perl

Developers need to do more than scan code and vet software components, and ops should do more than just defend the deployment pipeline.

Red Hat Security Advisory 2024-7137-03 - An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Ubuntu Security Notice 7036-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.

Developers need to do more than scan code and vet software components, and ops should do more than just defend the deployment pipeline.

Mozilla has introduced a feature called Privacy Preserving Attribution and turned it on by default, much to the chagrin of a privacy watchdog.

Ubuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 7033-1 - It was discovered that some Intel Processors did not properly restrict access to the Running Average Power Limit interface. This may allow a local privileged attacker to obtain sensitive information. It was discovered that some Intel Processors did not properly implement finite state machines in hardware logic. This may allow a local privileged attacker to cause a denial of service.

Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.

Complete Multi Hospital Management System version 1.0 suffers from a backup disclosure vulnerability.

The RISC-V chip architecture is gaining popularity worldwide, but the fact that it is easy to modify the processor design means it is also easy to introduce hard-to-patch vulnerabilities in the chips.