Security Leftovers
Date: 2022-04-05
Security updates for Thursday
Security updates have been issued by Fedora (microcode_ctl, mingw-SDL2_ttf, seamonkey, and thunderbird), Mageia (cifs-utils, gerbv, golang, libcaca, libxml2, openssl, python-pillow, python-rencode, python-twisted, python-ujson, slurm, and sqlite3), Red Hat (gzip, kernel, kpatch-patch, podman, rsync, subversion:1.10, and zlib), Scientific Linux (gzip), Slackware (curl), SUSE (clamav), and Ubuntu (curl, firefox, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-kvm, linux-lts-xenial, and linux-oem-5.14).
Malicious rustdecimal package found in crates.io Rust repository
The developers of the Rust language warned about the identification of the rustdecimal package in the crates.io repository, which contains malicious code. The package was based on the legitimate package rust_decimal and used similarity in name (typosquatting) for distribution, with the expectation that the user would not notice the absence of an underscore when searching or selecting a module from a list.
Inkscape in Industrial Products [Ed: Massively overhyped. Just don't open malicious files from untrusted sources. This is universally a principle.]
Do not click web links or open unsolicited attachments in email messages.
Siemens JT2GO and Teamcenter Visualization [Ed: Microsoft Windows]
The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application and cause a denial-of-service condition.
BPFdoor: Stealthy Linux malware bypasses firewalls for remote access [Ed: This is not a backdoor. It's something put on already-compromised machines. This is a distraction from actual backdoors and Windows.]
