Tux Machines
Posted by Roy Schestowitz on Jan 12, 2023
=> ↺ Security updates for Thursday
Security updates have been issued by Debian (emacs, libxstream-java, and netty), Fedora (mingw-binutils, pgadmin4, phoronix-test-suite, vim, and yarnpkg), Red Hat (.NET 6.0, dbus, expat, java-1.8.0-ibm, kernel, kernel-rt, kpatch-patch, libreoffice, libtasn1, libtiff, postgresql:10, sqlite, systemd, usbguard, and virt:rhel and virt-devel:rhel), and SUSE (net-snmp, openstack-barbican, openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp, php7, php74, php8, python-future, python3, samba, SDL2, and w3m).
=> ↺ Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers.
Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022.
=> ↺ Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms | CISA
Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms.
=> ↺ CISA Releases Twelve Industrial Control Systems Advisories | CISA
CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.