Author: ProHoster

Malicious change made to NPM package node-ipc that deletes files on systems in Russia and Belarus

A malicious change was detected in the node-ipc NPM package (CVE-2022-23812): with a 25% probability, the contents of all writable files are replaced with the “❤️” character. The malicious code is activated only when launched on systems with IP addresses from Russia or Belarus. The node-ipc package has about a million downloads per week and is used as a dependency by 354 packages, including vue-cli. […]

Results of the legal proceedings related to the Neo4j project and the AGPL license

The US Court of Appeals upheld the district court's earlier decision in a case against PureThink related to infringement of Neo4j Inc.'s intellectual property. The lawsuit concerns violation of the Neo4j trademark and the use of false statements in advertising during the distribution of the Neo4j DBMS fork. Initially, the Neo4j DBMS was developed as an open project, supplied under the AGPLv3 license. Over time, the product […]

gcobol, a COBOL compiler based on GCC technologies, introduced

The gcobol project, which aims to create a free compiler for the COBOL programming language, has been presented on the GCC compiler suite developer mailing list. In its current form, gcobol is being developed as a fork of GCC, but once development is complete and the project has stabilized, the changes are planned to be proposed for inclusion in the main GCC code base. The project code is distributed under the GPLv3 license. As a reason for creating a new project […]

Release of OpenVPN 2.5.6 and 2.4.12 with security fixes

Corrective releases 2.5.6 and 2.4.12 have been prepared for OpenVPN, a package for creating virtual private networks that allows you to organize an encrypted connection between two client machines or provide a centralized VPN server for the simultaneous operation of several clients. The OpenVPN code is distributed under the GPLv2 license; ready-made binary packages are generated for Debian, Ubuntu, CentOS, RHEL and Windows. The new versions eliminate a vulnerability that could potentially […]

Remote DoS vulnerability in the Linux kernel exploited by sending ICMPv6 packets

A vulnerability has been identified in the Linux kernel (CVE-2022-0742) that makes it possible to exhaust available memory and remotely cause a denial of service by sending specially crafted ICMPv6 packets. The issue is related to a memory leak that occurs when processing ICMPv6 messages with types 130 or 131. The issue has been present since kernel 5.13 and was fixed in releases 5.16.13 and 5.15.27. The problem did not affect the stable branches of Debian, SUSE, […]

Go programming language 1.18 release

Go 1.18 has been released. The language is being developed by Google with the participation of the community as a hybrid solution that combines the high performance of compiled languages with such advantages of scripting languages as ease of writing code, speed of development, and error protection. The project code is distributed under the BSD license. The syntax of Go is based on the familiar elements of the C language with some borrowings from […]

Vulnerability in OpenSSL and LibreSSL leading to a loop when processing invalid certificates

Maintenance releases of the OpenSSL cryptographic library 3.0.2 and 1.1.1n are available. The update fixes a vulnerability (CVE-2022-0778) that can be used to cause denial of service (infinite looping of the handler). To exploit the vulnerability, it is enough for an application to process a specially crafted certificate. The problem occurs in both server and client applications that can process user-supplied certificates. The problem is caused by a bug in the […]

Chrome update 99.0.4844.74 fixes critical vulnerability

Google has released Chrome updates 99.0.4844.74 and 98.0.4758.132 (Extended Stable), which fix 11 vulnerabilities, including a critical vulnerability (CVE-2022-0971) that makes it possible to bypass all levels of browser protection and execute code on the system outside the sandbox environment. Details have not yet been disclosed; it is only known that the critical vulnerability is associated with accessing already freed memory (use-after-free) in the browser engine […]

Debian maintainer leaves Debian, disagreeing with new community behavior

The Debian project account management team has terminated Norbert Preining's status for inappropriate behavior on the debian-private mailing list. In response, Norbert decided to stop participating in Debian development and move to the Arch Linux community. Norbert has been involved in Debian development since 2005 and has maintained approximately 150 packages, mostly […]

Red Hat tried to take away the WeMakeFedora.org domain under the guise of trademark infringement

Red Hat has launched a lawsuit against Daniel Pocock for violating the Fedora trademark in the WeMakeFedora.org domain name, which published criticism of Fedora and Red Hat project participants. Representatives of Red Hat demanded that the rights to the domain be transferred to the company, since it violates the registered trademark, but the court sided with the defendant […]

Updating the rating of libraries requiring special security checks

The OpenSSF (Open Source Security Foundation), formed by the Linux Foundation to improve the security of open source software, has published a new edition of the Census II study, which aims to identify open source projects that need priority security audits. The study focuses on the analysis of shared open source code that is implicitly used in various enterprise projects in the form of dependencies downloaded from external repositories. In […]

Initial SMP support implemented for ReactOS

The developers of the ReactOS operating system, aimed at ensuring compatibility with Microsoft Windows programs and drivers, announced the readiness of an initial set of patches for loading the project on multiprocessor systems with SMP mode enabled. Changes to support SMP are not yet included in the main ReactOS codebase and require further work, but the fact that it is possible to boot with SMP mode enabled is noted […]