Tux Machines

Security Leftovers

Posted by Roy Schestowitz on May 10, 2023

WebKitGTK Arbitrary Code Execution, Info Disclosure Bugs Fixed - Update Now

Several high-severity vulnerabilities have been found in the WebKitGTK web engine, including a use after free issue that may have been actively exploited (CVE-2023-28205).

These bugs could result in the exposure of sensitive information and the execution of arbitrary code.

Chromium 111.0.5563.147 compiled in OE

Compiled Chromium in OpenEmbedded, bumping from 111.0.5563.64. Did an rsync with the EasyOS package repository, uploaded these:

I posted recently about the need to recompile 'p11-kit' (fix for flatpaks): [...]

‘Don’t Copy That Floppy’: The Untold History of Apple II Software Piracy

A computer historian tells the story of one of the earliest copy protection battles of the personal computer era.

PHP Vuln Threatens Confidentiality of Impacted Systems

It was recently discovered that PHP could be made to bypass password checking if a specially crafted input was provided (CVE-2023-0567).

This flaw could possibly allow applications to accept any password as valid, contrary to expectations, potentially leading to the compromise of critical systems and sensitive information.

How to hack a smart fridge [Ed: Nobody needs a fridge that connected to WiFi]

Do you know how many internet-connected devices there are inside your home? I certainly don’t.