Date: 2021-11-26
Proprietary and Security Leftovers
-
Security updates for Thursday
Security updates have been issued by Debian (openjdk-11), Fedora (keepalived and tang), openSUSE (openssh, p11-kit, runc, and thunderbird), Oracle (postgresql:12, postgresql:13, and virt:ol and virt-devel:ol), Red Hat (rh-maven36-log4j12), and SUSE (ansible, chrony, logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh, openssh, p11-kit, python-Babel, and thunderbird).
-
Microsoft Teams might have a few serious security issues [Ed: Microsoft is incapable of making software that actually works, as explained by a former insider]
Security researchers have discovered four separate vulnerabilities in Microsoft Teams that could be exploited by an attacker to spoof link previews, leak IP addresses and even access the software giant's internal services.
These discoveries were made by researchers at Positive Security who “stumbled upon” them while looking for a way to bypass the Same-Origin Policy (SOP) in Teams and Electron, according to a new blog post. For those unfamiliar, SOP is a security mechanism found in browsers that helps stop websites from attacking one another.
-
Microsoft informs customers of 'NotLegit' Azure bug
Microsoft's Security Response Center has released a blog post explaining its response to the "NotLegit" bug in Azure that was discovered by cloud security company Wiz.
Wiz said all PHP, Node, Ruby, and Python applications that were deployed using "Local Git" on a clean default application in Azure App Service since September 2017 are affected. They added that all PHP, Node, Ruby, and Python applications that were deployed in Azure App Service from September 2017 onward using any Git source -- after a file was created or modified in the application container -- were also affected.
-
4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories
A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017.
The vulnerability, codenamed "NotLegit," was reported to the tech giant by Wiz researchers on October 7, 2021, following which mitigations have been undertaken to fix the information disclosure bug in November. Microsoft said a "limited subset of customers" are at risk, adding "Customers who deployed code to App Service Linux via Local Git after files were already created in the application were the only impacted customers."
-
New Linux Patches For AMD i2c Bus Sharing With The PSP [Ed: This is, in effect, a back door in AMD processors, akin to M.E. in all Intel processors]
The newest Linux hardware support patches for the kernel revolve around i2c bus sharing support for newer SoCs where the i2c bus is being shared by AMD's Platform Security Processor (PSP). This i2c controller is based on common DesignWare IP but new kernel code is being crafted for handling that bus sharing between the kernel and the PSP co-processor.
-
Pete Zaitcev: Adventures in tech support
OVH was pestering me about migrating my VPS from its previous range to the new (and more expensive) one. I finally agreed to that. Migrated the VM to the new host, it launches with no networking. Not entirely unexpected, but it gets better.
The root cause is the DHCP server at OVH returning a lease with netmask /32. In that situation, it's not possible to add a default route, because the next hop is outside of the netmask.
Seems like a simple enough problem, so I filed a ticket in OVH support, basically saying "your DHCP server supplies incorrect netmask, please fix it."
-
More in Tux Machines
Mike Gabriel: MATE 1.26 has finally landed in Debian testing
For those who haven't realized yet: MATE 1.26 has now been uploaded to Debian and should be available in Debian testing to all happy testers. [...] The MATE 1.26 DEB package preparations had been done while sitting in bed with my hot water bottle in the back and a pot of honeyed thyme tea next to me on the window sill. Things were getting too boring while being sick, so the monotonous wrapping up of +/- 40 desktop environment DEB packages was a welcome change then (and not too complex for reduced brain activity, either).
Sustainable creativity in a world without copyright
I don’t believe in copyright. I argue that we need to get rid of copyright, or at least dramatically reform it. The public domain has been stolen from us, and I want it back. Everyone reading this post has grown up in a creative world defined by capitalism, in which adapting and remixing works — a fundamental part of the creative process — is illegal. The commons is dead, and we suffer for it. But, this is all we’ve ever known. It can be difficult to imagine a world without copyright. When I present my arguments on the subject, the most frequent argument I hear in response is something like the following: “artists have to eat, too”. The answer to this argument is so mind-bogglingly obvious that, in the absence of understanding, it starkly illuminates just how successful capitalism has been in corrupting a broad human understanding of empathy. So, I will spell the answer out: why do we have a system which will, for any reason, deny someone access to food? How unbelievably cruel is a system which will let someone starve because they cannot be productive within the terms of capitalism? My argument is built on the more fundamental understanding that the access to fundamental human rights such as food, shelter, security, and healthcare are not contingent on their ability to be productive under the terms of capitalism. And I emphasize the “terms of capitalism” here deliberately: how much creativity is stifled because it cannot be expressed profitably? The system is not just cruel, but it also limits the potential of human expression, which is literally the only thing that creative endeavours are concerned with. The fact that the “starving artist” is such a common trope suggests to us that artists aren’t putting food on the table under the copyright regime, either. Like in many industries under capitalism, artists are often not the owners of the products of their labor. Copyright protects the rights holder, not the author. 
The obscene copyright rules in the United States, for example, are not doing much benefit for the artist when the term ends 70 years after their death. Modern copyright law was bought, paid for, and written by corporate copyright owners, not artists. What use is the public domain to anyone when something published today cannot be legally remixed by even our great-great-grandchildren?