Ike.ninja

New F32 selinux-policy build

– New upstream version (80.0)

Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://www.eclipse.org/eclipseide/2020-06/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927

Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.

Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.

* The `readUvarint` function would run infinitely given specific input. The function is now terminating if more than 10 bytes of input have been read. Fixes [issue #35](https://github.com/ulikunitz/xz/issues/35) (CVE-2020-16845). * Supports the check-ID None and fixes “Checksum None is invalid” [issue #27](https://github.com/ulikunitz/xz/issues/27).

The Netcraft Browser Extension now
offers credential leak detection for extra protection against
shopping site skimmers.

With brick-and-mortar shops around the world closed due to COVID-19, consumers turned to online businesses to fulfil their shopping needs. According to Adobe’s Digital Economy Index report, US online spending in June was $73 billion, up 76% from $42 billion last year. Even with restrictions lifted, research commissioned by Visa suggests that 74% of Britons who shopped online more often during the lockdown will continue to do so.

Now more than ever it is important to protect against JavaScript skimmers. These are snippets of malicious code which criminals upload to compromised shops. Unbeknownst to the store owner or the user, they transmit entered card details directly to the criminal. Unlike scams such as phishing, which can often be avoided by a vigilant internet user, skimmers are invisible to the human eye without a tool such as the Netcraft Extension to expose them.

Netcraft currently blocks over 6,000 shopping sites which contain skimmers, and even large companies such as British Airways, Ticketmaster and Puma have fallen prey to these attacks in the past.

When you visit a shopping site, the Netcraft extension will
evaluate all requests made by the web page. If a request is found to
be sending credentials to a different domain, the extension
will block the request to prevent your data from being stolen. A block
screen will notify you about the request and provide
information about the malicious behaviour that was detected. Only
card number leaks are currently blocked, but other types of
credentials may be enabled in future updates.

For example, if you check out using your credit card on
exampleshoppingsite.com but your card details are sent to
examplebadsite.com, the extension will block the request. This
checking is done locally and securely in your browser – no sensitive
information is sent to Netcraft.

The extension will also block pages which make requests to
malicious domains that are part of JavaScript attacks.

In addition to shopping site skimmers, the Netcraft Extension also protects against other malicious JavaScript, phishing and fake shops, including those related to coronavirus. The extension is available for Chrome, Firefox, Opera and the new Microsoft Edge based on Chromium.

If you already have the Netcraft Extension installed, your browser
will update it automatically.

Several security issues were fixed in Squid.

An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

New version 3.2.6, Security fix for CVE-2020-17498

Chrony could be made to crash or expose sensitive information.

USN-4446-1 introduced a regression in Squid.

Firefox could be made to crash or run programs as your login if it opened a malicious website.