Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by Debian (cairo, dovecot, and minidlna), Oracle (ImageMagick), Scientific Linux (ImageMagick), SUSE (clamav, dovecot23, java-1_8_0-ibm, and tomcat), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, p11-kit, and wavpack).

  • Microsoft: SolarWinds Attackers Viewed Our Source Code [Ed: More like Microsoft PR than news]

    Microsoft has revealed that the nation state group behind a recent global cyber-espionage campaign managed to view some of the firm’s source code.

  • Fix for key could not be looked up remotely

    The HKP protocol uses 11371/tcp for communication. In order to get the signed keys from the servers (using pacman-key), this port is required for communication.

  • RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework | Threatpost

    Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.

    Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack.