-
According to [this thread](https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-November/033177.html), compression can be vulnerable to CRIME/BREACH attacks (if the encrypted data carries public …
lpirl updated
5 years ago
-
Much of the security of an implementation of a spec will revolve around rejecting badly formed models, and rejecting changes to tensors that might result in out of bounds accesses.
A suite of failu…
-
Recent versions of D-Bus adds the `--disable-traditional-activation` configure flag: https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/107.
This seems to allow hardening of D-Bus systemd un…
-
For the following Fedora 40 change, we should take a look at all our systemd units and make sure they are as hardened as possible: https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening
Li…
-
While updating the BBS+ benchmark I'm encountering some issues that need hardening, will list them here:
- [ ] disclosure indexes should not contain duplicate numbers
- [ ] disclosure indexes should…
-
Now that the Arkenfox user.js is used, wouldn't it be more beneficial to use default Firefox, or is there a reason for sticking with Librewolf? As far as I know, Firefox with the user.js should have a…
-
I created some very preliminary and basic Debian packaging for Open
Dylan. This packaging can be found at https://bitbucket.org/faheem/opendylan-debian.
Unfortunately, the build using this Debian pac…
-
Certain linux distributions, like Fedora, require that all the native code in the distribution gets built with some distribution-standard compiler options.
Debian has [a Release goal for supporting…
-
## Description
Having enabled a few hardening options in sysctl i now find not few chromium related application to crash, among which also Brave Browser 94.1.30.86
## Steps to Reproduce
1…
-
G'day Harry,
Again thx for writing this role. There is an issue with RHEL8.2: I have a work-around in my Ansible playbook, but thought you should know...
TASK [Ansible-RHEL8-CIS-Benchmarks : 2.2…