Arch Linux ASA-201704-6
CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433
CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437
CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441
CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445
CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449
CVE-2017-5451 CVE-2017-5453 CVE-2017-5454 CVE-2017-5455
CVE-2017-5456 CVE-2017-5458 CVE-2017-5459 CVE-2017-5460
CVE-2017-5461 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466
CVE-2017-5467 CVE-2017-5468 CVE-2017-5469
Firefox versions before 53.0-1 are vulnerable to multiple issues including arbitrary code execution, cross-site scripting, access restriction bypass, file system access, denial of service, information disclosure, and content spoofing.
pacman -Syu "firefox>=53.0-1"
Ubuntu has released a similar advisory.
Arch Linux Security Advisory ASA-201704-4
CVE ID: CVE-2017-5461
The package nss (Network Security Services) before version 3.30.1-1 is vulnerable to arbitrary code
Date: April 17, 2017
CVE ID: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138
Several security issues have been fixed on the bind9 Internet Domain Name Server package on affected Ubuntu versions.
Link: Ubuntu Bind Security Notice
Pegasus Spyware Found on Android Devices
A variant of the Pegasus spyware is being found on some Android devices.
Link: Pegasus Spyware on Android
WordPress 4.7.4 Update
Released April 20th 2017
Link: WordPress Change Log
Ubuntu 18.04 Default Desktop
In a post on the 5th of April, Canonical and Ubuntu founder Mark Shuttleworth announced the end of investment in Unity8, the phone and convergence shell, and that Ubuntu 18.04 will ship with the GNOME desktop by default.
Further in the post, he states that Canonical’s focus will be IoT and the cloud.
Mark Shuttleworth: Growing Ubuntu for cloud and IoT, rather than phone and convergence
Millions of Apple and Android devices that carry the Broadcom Wi-Fi chip are vulnerable to over-the-air hacking.
Described as a stack buffer overflow, the vulnerability was discovered by Google’s Project Zero and is said to allow remote code execution on the affected devices.
TheHackerNews: Smart Phones Broadcom Wifi Chip Vulnerabilities
Brickerbot Malware Kills IoT Devices
Similar to Mirai, the botnet malware that targets vulnerable IoT devices, Brickerbot uses the same Telnet brute-force attack vector.
Brickerbot targets Linux-based IoT devices running the BusyBox toolkit. Once inside the operating system, the code scrambles onboard memory, flushes IP and NAT tables, sets the outbound firewall rule to drop, and, as the final nail in the coffin, tries to wipe all code on the affected devices.
TheRegister: Forget Mirai, Here’s Brickerbot