News

Digital resurrections of deceased individuals are emerging as the next commercial frontier in AI, with the digital afterlife industry projected to reach $80 billion within a decade. Companies developing these AI avatars are exploring revenue models ranging from interstitial advertising during conversations to data collection about users' preferences. StoryFile CEO Alex Quinn confirmed his company is exploring methods to monetize interactions between users and deceased relatives' digital replicas, including probing for consumer information during conversations. The technology has already demonstrated persuasive capabilities in legal proceedings, where an AI recreation of road rage victim Chris Pelkey delivered testimony that contributed to a maximum sentence. Current implementations operate through subscription models, though no federal regulations govern commercial applications of posthumous AI representations despite state-level protections for deceased individuals' likeness rights.

Read more of this story at Slashdot.

A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5988-1

Multiple security issues were discovered in Unbound, a validating, recursive, caching DNS resolver, which may result in denial of service or cache poisoning via the "rebirthday attack".

https://security-tracker.debian.org/tracker/DSA-5987-1

Nikita Skorovoda discovered that Node cipher-base, an abstract base class for crypto-streams, performed incomplete type checks.

https://security-tracker.debian.org/tracker/DSA-5986-1

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

https://security-tracker.debian.org/tracker/DSA-5985-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5984-1

This update removes the usage of the C (Credential) flag for the binfmt_misc registration within the qemu-user package, as it allowed for privilege escalation when running a suid/sgid binary under qemu-user. This means suid/sgid foreign-architecture binaries are not running with elevated privileges under qemu-user anymore. If you relied on this behavior of qemu-user in the past (running suid/sgid foreign-arch binaries), this will require changes to your deployment.

In Bookworm the affected packages are qemu-user-static (and qemu-user-binfmt) instead of qemu-user.

Additionally, two security issues were fixed the in SR-IOV support of QEMU system emulation.

https://security-tracker.debian.org/tracker/DSA-5983-1