Archive for July 25th, 2023
Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in “Zen 2” CPUs may not be written to 0 correctly. This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.
WordPress 6.3 RC2 is ready for download and testing. Reaching this part of the release cycle is a key milestone. While release candidates are considered ready for final release, additional testing and use by the community can only make it better.
Avahi could be made to crash if it received specially crafted DBus traffic.
Django could be made to consume resources if it received specially crafted network traffic.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.