Security Leftovers
Security updates for Wednesday
Security updates have been issued by Debian (cairo, dovecot, and minidlna), Oracle (ImageMagick), Scientific Linux (ImageMagick), SUSE (clamav, dovecot23, java-1_8_0-ibm, and tomcat), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, p11-kit, and wavpack).
Microsoft: SolarWinds Attackers Viewed Our Source Code [Ed: More like Microsoft PR than news]
Microsoft has revealed that the nation state group behind a recent global cyber-espionage campaign managed to view some of the firm’s source code.
Fix for key could not be looked up remotely
The HKP protocol uses 11371/tcp for communication. In order to get the signed keys from the servers (using pacman-key), this port is required for communication.
RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework | Threatpost
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack.
IBM/Red Hat/Fedora Leftovers
Programming Leftovers
Linux Mint 20.1 “Ulyssa” Is Now Available for Download, This Is What’s New
Linux Mint 20.1 is based on the Ubuntu 20.04.1 LTS point release in the Focal Fossa series and comes with the long-term supported Linux 5.4 kernel series. It comes as an update to the Linux Mint 20 “Ulyana” release, which is based on Ubuntu 20.04 LTS and supported until 2025. As expected, Linux Mint 20.1 includes various refinements, updated packages, as well as some new features to make your Linux Mint experience more enjoyable. But if you’re already using Linux Mint 20 and you have all the updates installed on your system, there’s no need to download the new ISO images.
