Date: 2022-04-05
Security Patches, Linux FUD, and Apple and Microsoft as the Real Danger/Culprits
Security updates for Wednesday
Security updates have been issued by Debian (openjdk-17), Fedora (chromium and suricata), Oracle (mariadb:10.5), SUSE (amazon-ssm-agent, containerd, docker, java-11-openjdk, libcaca, libwmf, pcp, ruby2.5, rubygem-puma, webkit2gtk3, and xen), and Ubuntu (linux-raspi).
Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22 [Ed: It was not an issue unless you had installed dodgy, malicious software and then updated it to get a more malicious version]
Android's May security update is out, and that means the Pixel 6 is finally getting a patch for the Dirty Pipe vulnerability. The update comes one month after Samsung shipped Google's patch to the Galaxy S22, but at least it's finally arriving.
Dirty Pipe: What you need to know about the major exploit affecting Pixel 6 and Galaxy S22 devices [Updated] [Ed: Making a huge deal out of privilege escalation while there are many remotely-exploitable zero-days in Windows and other proprietary platforms]
Recently disclosed by Max Kellermann as vulnerability CVE-2022-0847, “Dirty Pipe” is a security exploit in select recent versions of the Linux kernel. (The kernel is the core of an operating system, often acting as the go-between from applications to your actual hardware.) In short, any application that can read files on your phone/computer — a permission many Android apps ask for — can potentially mess with your files or run malicious code. On desktop/laptop versions of Linux, this has already been shown to be easily able to get admin privileges.
CISA Adds Five Known Exploited Vulnerabilities to Catalog [Ed: 40% are Apple and 40% are Microsoft, but CISA is omitting that because it does not wish to admonish proprietary stuff with NSA back doors?]
