Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • A local root kernel vulnerability

    Commit 8cae8cd89f05 went into the mainline kernel repository on July 19; it puts a limit on the size of buffers allocated in the seq_file mechanism and mentions "int overflow pitfalls".

  • [oss-security] CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
  • Security updates for Tuesday

    Security updates have been issued by Debian (kernel, libjdom1-java, rabbitmq-server, and systemd), Fedora (glibc), Gentoo (libpano13, libslirp, mpv, pjproject, pycharm-community, and rpm), Mageia (glibc, libuv, mbedtls, rvxt-unicode, mxrvt, eterm, tomcat, and zziplib), openSUSE (dbus-1, firefox, go1.15, lasso, nodejs10, nodejs12, nodejs14, and sqlite3), SUSE (go1.15), and Ubuntu (containerd).

  • Netgate® Releases TNSR® High Performance Router Version 21.07

    During this development period, Netgate also began the effort to move the underlying OS base from CentOS to Ubuntu, in response to the recently announced shift from CentOS Linux to CentOS Stream. The company expects to have TNSR on Ubuntu commercially ready for users in November.

Nasty Linux systemd security bug revealed

  • Nasty Linux systemd security bug revealed

    Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible.

SystemD

Conflating "Linux" with systemd

Dan Goodin

  • Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling [Ed: Dan Goodin interjecting extra drama, comparing an OS with back doors to this systemd bug]

    The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.

More hysteria

  • Patch now: Linux file system security hole, dubbed Sequoia, can take over systems

    Some days, it doesn't rain, it pours. That's the case with Linux today. Not one, but two serious security holes have recently been exposed. First, there was a systemd bug which could easily knock out systems. Now there's this security hole in the Linux kernel's file system, which any user could use to take over a computer. Like I said, some days it just pours.

  • New Windows and Linux Flaws Give Attackers Highest System Privileges

    Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.

Root kernel vulnerability threatens many Linux distributions

The Terrible Tuesday For Both Linux And Windows Sysadmins

  • The Terrible Tuesday For Both Linux And Windows Sysadmins

    There are a pair of newly discovered vulnerabilities to add to the nightmares of sysadmins everywhere, both those running Windows and Linux infrastructures. In one case it is an issue with the security of system passwords while the other is an odd way to gain escalated privileges and sadly both are still currently exploitable.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Software: Matrix, Ktube, and Monero P2Pool

  • Chat Bubbles on Element and Several Matrix Apps

    This simple comparison wants to help everyone adopt alternative messaging technology, Matrix, with suitable user interface to them. We call Matrix Apps to instant messengers like Element, Fluffy, Nheko, Schildi and Spectral as they are created based upon the said technology. We will start by setting up criteria first that includes chat bubbles, then going through these messengers one by one, and you will see their pictures here along with a little comments from me. I hope you can pick up the messenger with UI you love the most from here.

  • Ktube Media Downloader lets you download YouTube videos easily on Linux

    I always like to tell people about how I have been using Linux as my primary operating system for over ten years. I love Linux, I understand it, it’s free and above all, it fits my workflow in a way Microsoft’s Windows (with all its goodness) probably never will. That also means I love and am a command-line ninja but I also know one thing, a lot of people out there fear and hate the command line.

  • Monero P2Pool V1.0 Is Released

    The latest version of P2Pool, a decentralized Monero mining pool has released. This is the first official release, signaling an invitation for more users to try out the new software.

Better Support & Performance For OpenACC Kernels Is Coming To GCC

While the GNU Compiler Collection has supported OpenACC for a few years now as this parallel programming standard popular with GPUs/accelerators, the current implementation has been found to be inadequate for many real-world HPC workloads leveraging OpenACC. Fortunately, Siemens has been working to improve GCC's OpenACC kernels support. GCC's existing OpenACC kernels construct has been found to be "unable to cope with many language constructs found in real HPC codes which generally leads to very bad performance." Fortunately, improvements are on the way and could potentially be mainlined in time for next year's GCC 12 stable release. Read more

Security Leftovers

  • Database containing 106m Thailand travelers' details leaked • The Register

    A database containing personal information on 106 million international travelers to Thailand was exposed to the public internet this year, a Brit biz claimed this week. Bob Diachenko, head of cybersecurity research at product-comparison website Comparitech, said the Elasticsearch data store contained visitors' full names, passport numbers, arrival dates, visa types, residency status, and more. It was indexed by search engine Censys on August 20, and spotted by Diachenko two days later. There were no credentials in the database, which is said to have held records dating back a decade. “There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues,” wrote Comparitech editor Paul Bischoff on the company’s blog.

  • Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware

    VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround.

  • Reproducible Builds (diffoscope): diffoscope 185 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 185. This version includes the following changes:

    [ Mattia Rizzolo ]
    * Fix the autopkgtest in order to fix testing migration: the androguard
      Python module is not in the python3-androguard Debian package
    * Ignore a warning in the tests from the h5py package that doesn't concern
      diffoscope.
    
    [ Chris Lamb ]
    * Bump Standards-Version to 4.6.0.
    

GNOME 41 Released. This is What's New.

GNOME team announced the release of GNOME 41 with some exceptional changes and updates. We wrap up the release in this post. Read more