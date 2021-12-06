Security Leftovers
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (asterisk, qemu, and zlib), Fedora (389-ds-base, ghc-cmark-gfm, ghc-hakyll, gitit, libkiwix, openssl, pandoc, pandoc-citeproc, patat, phoronix-test-suite, seamonkey, and skopeo), Mageia (libtiff, openjpeg2, and php-smarty), openSUSE (python), Oracle (httpd), Red Hat (httpd), and SUSE (libreoffice, python, and python36).
Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine
Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html. This has been assigned the CVE id CVE-2022-1096.
Enterprise Linux Security Episode 24 - The Latest on Lapsus$ - Invidious
The situation surrounding Lapsus$ is becoming more and more interesting, and in this episode of Enterprise Linux Security Jay and Joao discuss the latest developments regarding the group that has caused quite a ruckus recently.
Wyze Camera Vulnerability - Schneier on Security
Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it.
I’m done with Wyze
I just threw my Wyze home security cameras in the trash. I’m done with this company.
I just learned that for the past three years, Wyze has been fully aware of a vulnerability in its home security cameras that could have theoretically let hackers access your video feeds over the internet — but chose to sweep it under the rug. And the security firm that found the vulnerability largely let them do it.
IBM/Red Hat/Fedora
Android Leftovers
Collision: An Open-Source App to Check if Your Files Were Tampered With
Someone sends you a file, how do you verify that it’s the original one meant for you? How can you be certain that it hasn’t been tampered with? Moreover, how can you verify that the file comes from an original source? That’s where cryptographic hash functions come in. A hash function (such as SHA-1) is a checksum if it is used to verify a file. This helps you confirm whether the file has been modified or not.
Claws Mail 4.1.0 released
Version 4.1.0 of the Claws Mail email client is out. New features include text zooming in the message view, improvements to a number of preferences, a "keyword warner" plugin to give a warning before sending a message containing any (user-defined) keywords, and more. Claws Mail is a GTK+ based, user-friendly, lightweight, and fast email client.
