Security Leftovers

  • Door 02: Marketing department or selection bias? - Open Source Security

    Josh and Kurt talk about cybersecurity statistics and the value of the data we have.

  • Security updates for Tuesday

    Security updates have been issued by Debian (libxstream-java, musl, mutt, pdfresurrect, vips, and zsh), Fedora (libuv, nodejs, thunderbird, and xen), openSUSE (libssh2_org, mutt, neomutt, and thunderbird), Oracle (firefox and thunderbird), Red Hat (firefox, rh-nodejs12-nodejs, rh-php73-php, and thunderbird), Scientific Linux (thunderbird), SUSE (libX11, mariadb, mutt, python-pip, python-setuptools, and python36), and Ubuntu (containerd, php-pear, and sniffit).

  • Two More X.Org Server Security Advisories Issued - Possible Privilege Escalation - Phoronix

    Trend Micro's Zero Day Initiative has uncovered two more security issues with the aging X.Org Server that as we roll into 2021 is still powering most of the Linux desktops.

    The security researchers found multiple input validation failures with the X.Org Server's XKB keyboard extension. Insufficient checks on different checks could lead to out-of-bounds memory accesses or buffer overflows.

  • X.Org server security advisory: December 1, 2020
    
    Multiple input validation failures in X server XKB extension
    ============================================================
    
    These issues can lead to privilege elevation for authorized clients
    on systems where the X server is running privileged.
    
    * CVE-2020-14360 / ZDI CAN 11572 XkbSetMap Out-Of-Bounds Access
    
    Insufficient checks on the lengths of the XkbSetMap request can lead to
    out of bounds memory accesses in the X server.
    
    * CVE-2020-25712 / ZDI-CAN-11839 XkbSetDeviceInfo Heap-based Buffer Overflow
    
    Insufficient checks on input of the XkbSetDeviceInfo request can lead
    to a buffer overflow on the heap in the X server.
    
  • xorg-server 1.20.10

    Xorg-server 1.20.10 has been released. This version fixes security issues that could lead to privilege escalation, or other problems.
