jeffv via plug on 22 Sep 2022 06:26:29 -0700
[PLUG] Python bug, NGINX, CA trust
Unpatched 15-year old Python bug allows code execution in 350k projects
https://www.bleepingcomputer.com/news/security/unpatched-15-year-old-python-bug-allows-code-execution-in-350k-projects/

The vulnerability is in the Python tarfile package, in code that uses un-sanitized tarfile.extract() function or the built-in defaults of tarfile.extractall(). It is a path traversal bug that enables an attacker to overwrite arbitrary files.

How to configure your CA trust list in Linux
https://www.redhat.com/sysadmin/configure-ca-trust-list

How to Limit the HTTP Bandwidth in NGINX
https://trendoceans.com/limit-http-bandwidth-in-nginx/

SIM Swapper Abducted, Beaten, Held for $200k Ransom
https://krebsonsecurity.com/2022/09/sim-swapper-abducted-beaten-held-for-200k-ransom/

I think we're nearing a malware solution....

Kia, Hyundai sued after viral TikTok causes rise in thefts
https://techcrunch.com/2022/09/21/kia-hyundai-sued-after-viral-tiktok-causes-rise-in-thefts/

[groan]

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug