The Bastion 安全漏洞

The Bastion is an open source authentication system from OVHcloud. A security vulnerability exists in The Bastion that stems from a script that fails to properly sign a file, potentially leading to data integrity issues...

[SECURITY] Fedora 40 Update: keyring-ima-signer-0.1.0-17.fc40

The IMA Integrity Measurement Architecture is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts TPM. This tool allows signing of files in userspace, inclusding options of including the...

[SECURITY] Fedora 41 Update: keyring-ima-signer-0.1.0-17.fc41

The IMA Integrity Measurement Architecture is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts TPM. This tool allows signing of files in userspace, inclusding options of including the...

[SECURITY] Fedora 37 Update: keyring-ima-signer-0.1.0-9.fc37

The IMA Integrity Measurement Architecture is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware root of trusts TPM. This tool allows signing of files in userspace, inclusding options of including the...

New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware

Researchers have identified a new threat actor that is using impersonation fraud to purchase digital certificates that are then used for the spread of malware. Security firm ReversingLabs identified a bad actor that deceives certificate authorities into selling them legitimate digital certificate...

Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix

Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached...

Kaspersky 17.0.0 - Local CA Root Incorrectly Protected

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=989 When Kaspersky generate a private key for the local root, they store the private key in %ProgramData%. Obviously this file cannot be shared, because it's the private key for a trusted local root certificate and users can use ...

Mandrake Linux Security Advisory : gnupg (MDKSA-2000:063-1)

A problem exists in all versions of GnuPG prior to and including 1.0.3. Because of this problem, GnuPG may report files which have been signed with multiple keys one or more of which may be incorrect to be valid even if one of the signatures is in fact valid. Update : The previous packages...