| 3:00p |
Security updates for Tuesday
Security updates have been issued by Debian (klibc and libjdom2-java), Mageia (bash, glibc, gnutls, java-openjdk, kernel, kernel-linus, leptonica, libgcrypt, openjpeg2, tor, and trousers), openSUSE (bouncycastle, chromium, go1.16, and kernel), Oracle (docker-engine docker-cli and qemu), Red Hat (kpatch-patch), and SUSE (arpwatch, go1.16, kernel, libsolv, microcode_ctl, and python-urllib3, python-requests). |
| 11:43p |
[$] An unpleasant surprise for My Book Live owners
Embedded devices need regular software updates in order to even be
minimally safe on today's internet. Products that have reached their "end
of life", thus are no longer being updated, are essentially ticking time
bombs—it is only a matter of time before they are vulnerable to
attack. That situation played out in June for owners of Western
Digital (WD) My Book Live network-attached storage (NAS) devices; what was
meant to be a disk for home users
accessible via the internet turned into a black hole when a remote
command-execution flaw was used to delete all of the data stored there. Or
so it seemed at first. |