Security Leftovers
-
Security updates for Thursday
-
WSL2 and Kali
-
Security service tracks embedded Linux vulnerabilities
Timesys has launched a Vigiles security monitoring and management platform with CVE tracking for embedded Linux available as free software or as a subscription service.
Timesys Vigiles automates the identification, tracking, and analysis of vulnerabilities by comparing embedded Linux firmware with NIST’s daily Common Vulnerabilities and Exposures (CVE) notifications. The software helps customers focus on vulnerabilities that pose the biggest threats to a customer’s specific software components, thereby “eliminating the need to manually monitor and analyze thousands of vulnerabilities,” says Timesys.
-
Vim devs fix system-pwning text editor bug [Ed: This requires obtaining and opening malicious files though]
The attack exploits a vulnerability in a Vim feature called modelines, which lets you set variables specific to a file. As long as these statements are in the first few lines, Vim interprets them as instructions. They might tell Vim to display the file with a text width of 60 characters, for example. Or maybe you want to expand tabs to spaces to avoid another geek’s ire.
-
Mail servers running Exim come under attack
Mail servers running the Exim mail transport agent are being exploited, with the attackers using a vulnerability disclosed a few days ago to run arbitrary commands as root, a security practitioner has warned.
Exim, one of the four MTAs commonly used on Unix servers, is developed by Phillip Hazel at the University of Cambridge. It is the default on some Linux distributions, like Debian.
[...]
The original post about the vulnerability was released by Qualys Research Labs on 5 June, which said it was trivially exploitable in local and non-default cases, but with the default configuration an attack would take a long time to succeed.
-
Exim email servers are now under attack [Ed: The drama queen that CBS hired (Cimpanu) says "Almost half of the internet's email servers are now being attacked with a new exploit." It sounds a lot worse when in fact many are patched and the "half" refers to number of installs, not attacks. Misreporting. FUD. ZDNet is not a news site but a tech tabloid. It should be regarded as such.]
- Login or register to post comments
- Printer-friendly version
- 1820 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago