Security Leftovers

  • Security updates for Thursday
  • WSL2 and Kali
  • Security service tracks embedded Linux vulnerabilities

    Timesys has launched a Vigiles security monitoring and management platform with CVE tracking for embedded Linux available as free software or as a subscription service.

    Timesys Vigiles automates the identification, tracking, and analysis of vulnerabilities by comparing embedded Linux firmware with NIST’s daily Common Vulnerabilities and Exposures (CVE) notifications. The software helps customers focus on vulnerabilities that pose the biggest threats to a customer’s specific software components, thereby “eliminating the need to manually monitor and analyze thousands of vulnerabilities,” says Timesys.

  • Vim devs fix system-pwning text editor bug [Ed: This requires obtaining and opening malicious files though]

    The attack exploits a vulnerability in a Vim feature called modelines, which lets you set variables specific to a file. As long as these statements are in the first few lines, Vim interprets them as instructions. They might tell Vim to display the file with a text width of 60 characters, for example. Or maybe you want to expand tabs to spaces to avoid another geek’s ire.

  • Mail servers running Exim come under attack

    Mail servers running the Exim mail transport agent are being exploited, with the attackers using a vulnerability disclosed a few days ago to run arbitrary commands as root, a security practitioner has warned.

    Exim, one of the four MTAs commonly used on Unix servers, is developed by Philip Hazel at the University of Cambridge. It is the default on some Linux distributions, like Debian.

    [...]

    The original post about the vulnerability was released by Qualys Research Labs on 5 June, which said it was trivially exploitable in local and non-default cases, but with the default configuration an attack would take a long time to succeed.

  • Exim email servers are now under attack [Ed: The drama queen that CBS hired (Cimpanu) says "Almost half of the internet's email servers are now being attacked with a new exploit." It sounds a lot worse when in fact many are patched and the "half" refers to number of installs, not attacks. Misreporting. FUD. ZDNet is not a news site but a tech tabloid. It should be regarded as such.]
