Language Selection

English French German Italian Portuguese Spanish

Critical Linux vulnerability imperils users, even after “silent” fix

Filed under
Linux
Security

For years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine.

rest here




More in Tux Machines

Tails 2.0

The newest 2.0 release of Tails brings many enhancements to the distribution. Tails is now based on Debian 8 (Jessie), so packages from the 1.x releases of Tails have been updated to much newer versions. The desktop environment is now GNOME 3.14 running in Classic mode, which is a major advancement over the GNOME 3.4. desktop used in Tails 1.x. However, there is one drawback to this update -- Tails' optional Windows 8 look-alike theme is no longer available. While I normally do not like look-alike themes, having the desktop look like Windows 8 was an understandable and helpful feature in Tails. GNOME 3's Classic mode is a nice, clean environment, but it does not look like Windows or Mac OS X, so using Tails in public is bound to attract some attention. Read more

Arduino Yun clone runs OpenWrt, offers Grove I/O

The Arduino Yún- and Grove-compatible Seeeduino Cloud SBC has an AR9331 WiFi chipset that runs Linux via a Dragino HE COM, plus Ethernet and USB ports. The Seeeduino Arduino clone from Seeed Studios has been around for years, adding three onboard Grove sensor interfaces to basic Arduino functionality. Now, Seeed Studios has launched a Seeeduino Cloud version that promises Arduino Yún compatibility, and which like the Yún, provides a Qualcomm Atheros AR9331 WiFi SoC running OpenWrt Linux on a MIPS processor. Read more

Ubuntu Phone Users Will Have to Wait a Little Longer for the Fixes

We've been informed today, February 8, by Mr. Łukasz Zemczak of Canonical about the latest work done in preparation for the upcoming OTA software updates for Ubuntu Phone devices. Read more