Security: Systemd and X.Org

  • Systemd is bad parsing and should feel bad

    Systemd has a remotely exploitable bug in its DHCPv6 client. That means anybody on the local network can send you a packet and take control of your computer. The flaw is a typical buffer-overflow. Several news stories have pointed out that this client was rewritten from scratch, as if that were the moral failing, instead of reusing existing code. That's not the problem.

    The problem is that it was rewritten from scratch without taking advantage of the lessons of the past. It makes the same mistakes all over again.

  • Linux systems vulnerable to privilege escalation and file overwrite exploit in X.Org server

    An "incorrect command-line parameter validation" vulnerability in X.Org server makes it possible to escalate privileges as well as overwrite files. The problem affects Linux and BSD distributions using the open source X Window System implementation.

    The vulnerability has been present for a couple of years, but has been brought to light by security researcher Narendra Shinde. Unpatched systems can be exploited by non-root users if the X server is running with elevated privileges.
