Security: Updates, YubiKey, systemd

Filed under
Security
  • Security updates for Thursday
  • A YubiKey for iOS Will Soon Free Your iPhone From Passwords

    The upshot: Yubico has received MFi certification, meaning Apple will officially support it as a hardware partner. To that end, the company will finally be able to make a YubiKey that fits into the iPhone and iPad’s proprietary Lightning port, giving those devices the seamless security that already works so well on PCs. On the opposite side, it will offer a USB-C connector for MacBooks.

  • Stack clashing systemd aka “System Down”

    Qualys yesterday published new security issues found in systemd-journald called “System Down”, where dynamic stack allocations could be used to cause a “Stack Clash” vulnerability, and so escalate privileges of local attackers to root.

  • A set of systemd-journald exploits

    Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald.

More on systemd and IPFire

New Linux Systemd security holes uncovered

  • New Linux Systemd security holes uncovered

    Many Linux sysadmins and users dislike Systemd, but love it or hate it, Systemd is the default system and service manager for most Linux distributions. So, security company Qualys's recent revelation of three new Systemd security vulnerabilities isn't going to win Systemd any friends.

    How bad is this trio of trouble? With any of these a local user can gain root privileges. Worse still, Qualys reports that "To the best of our knowledge, all systemd-based Linux distributions are vulnerable."

Overstating the threat

  • High Toxicity Linux Vulnerabilities Could Cause System Down for Red Hat, Debian

    Major Linux distributions, from Red Hat to Debian, are vulnerable to three bugs in systemd, a Linux initialisation system and service manager in widespread use, California-based security company Qualys said late yesterday.

    The systemd vulnerabilities comprise CVE-2018-16864 and CVE-2018-16865, two memory corruptions (attacker-controlled alloca()s) and CVE-2018-16866, an information leak (an out-of-bounds read), Qualys said.
