Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jan 09, 2023

=> Kdenlive 22.12.1 released | Devices: Arduino, Jetson, RISC-V, and Open Firmware

Security updates for Monday [LWN.net]

=> ↺ Security updates for Monday [LWN.net]

Security updates have been issued by Fedora (python2.7), SUSE (ca-certificates-mozilla, libksba, and ovmf), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi,, and linux-aws).

Fixed security issue that affected tsp.opensuse.org - openSUSE admin - openSUSE Project Management Tool

=> ↺ Fixed security issue that affected tsp.opensuse.org - openSUSE admin - openSUSE Project Management Tool

We were contacted by Lukas Euler from Positive Security, to inform us that Travel Support Program (TSP), the application we use to reimburse the costs of traveling to events where you can promote or are organized by the project, had a significant security flaw that impacted our and others' production systems. We have since patched the vulnerability, contacted other organizations that also use the software, and have spent some time and wrote a script to parse logs, in order to asses the impact. Over the span of the last 2 years, the flaw has not been abused, outside of a script written by Lukas, which read contents of the production database via brute force.

Microsoft ends Windows 7 extended security updates on Tuesday

=> ↺ Microsoft ends Windows 7 extended security updates on Tuesday

=> gemini.tuxmachines.org