Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Security updates for Thursday
  • WSL2 and Kali
  • Security service tracks embedded Linux vulnerabilities

    Timesys has launched a Vigiles security monitoring and management platform with CVE tracking for embedded Linux available as free software or as a subscription service.

    Timesys Vigiles automates the identification, tracking, and analysis of vulnerabilities by comparing embedded Linux firmware with NIST’s daily Common Vulnerabilities and Exposures (CVE) notifications. The software helps customers focus on vulnerabilities that pose the biggest threats to a customer’s specific software components, thereby “eliminating the need to manually monitor and analyze thousands of vulnerabilities,” says Timesys.

  • Vim devs fix system-pwning text editor bug [Ed: This requires obtaining and opening malicious files though]

    The attack exploits a vulnerability in a Vim feature called modelines, which lets you set variables specific to a file. As long as these statements are in the first few lines, Vim interprets them as instructions. They might tell Vim to display the file with a text width of 60 characters, for example. Or maybe you want to expand tabs to spaces to avoid another geek’s ire.

  • Mail servers running Exim come under attack

    Mail servers running the Exim mail transport agent are being exploited, with the attackers using a vulnerability disclosed a few days ago to run arbitrary commands as root, a security practitioner has warned.

    Exim, one of the four MTAs commonly used on Unix servers, is developed by Phillip Hazel at the University of Cambridge. It is the default on some Linux distributions, like Debian.

    [...]

    The original post about the vulnerability was released by Qualys Research Labs on 5 June, which said it was trivially exploitable in local and non-default cases, but with the default configuration an attack would take a long time to succeed.

  • Exim email servers are now under attack [Ed: The drama queen that CBS hired (Cimpanu) says "Almost half of the internet's email servers are now being attacked with a new exploit." It sounds a lot worse when in fact many are patched and the "half" refers to number of installs, not attacks. Misreporting. FUD. ZDNet is not a news site but a tech tabloid. It should be regarded as such.]

More in Tux Machines

today's howtos

HAT offers hardware watchdog for Raspberry Pi

On Kickstarter: Sequent Microsystems has launched a $15 “Hardware Watchdog HAT & Power Manager for Raspberry Pi” for protecting against software lock-ups. Hardware-based watchdog timers are usually standard equipment on industrial computers, but are rarely seen on Linux hacker boards. Sequent Microsystems, which has previously launched Raspberry Pi add-ons such as the MegaIO-IND home automation board, has now successfully launched a Hardware Watchdog HAT & Power Manager for Raspberry Pi. The HAT is available on Kickstarter through Oct. 17 for $15 for Jan. 2020 delivery or $20 for Nov. 2019 delivery. Read more

KDE Plasma 5.17 Desktop Environment Enters Beta, Final Release Lands October 15

KDE Plasma 5.17 promises some really cool new features and enhancements, among which we can mention multi-screen and HiDPI improvements, fractional scaling on Wayland, support for managing and configuring Thunderbolt hardware in System Settings, Night Color support on X11, and much-improved notifications with automatic Do Not Disturb mode for presentations. Several of the pages in System Settings got redesigned to help you configure your KDE Plasma system easier, the Breeze GTK theme now offers users a better appearance for the Chromium and Google Chrome web browsers and supports system color schemes for GTK and GNOME apps, System Monitor now shows NVidia GPU stats, and Plasma Discover package manager now shows icons for Snap apps. Read more

Best Linux distros of 2019: for beginners and advanced users

Linux is traditionally associated as being an operating system for coders and programmers, but over the years there have been real attempts to make Linux more attractive to general consumers. This is not least due to general consumer dissatisfaction with Windows security issues or even Apple's walled garden. However, Linux comes in many different forms, known as 'flavors' or 'distros'. This is simply because Linux is so incredibly configurable that different forms tend to be developed for different userbase needs or interests. Read more