Language Selection

English French German Italian Portuguese Spanish

Security

Ubuntu plugs Linux kernel and OpenSSL holes that left users open to attack

Filed under
Security
Ubuntu

Canonical has released several patches addressing flaws in the Linux kernel and OpenSSL that left Ubuntu users open to escalation of privilege and denial-of-service (DoS) attacks.

The most serious of the fixes covers a variety of flaws that could be used to gain elevated or administrative privileges on the victim machine.

"A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a DoS (system crash) or potentially escalate privileges on Intel-based machines," read the Ubuntu security advisory.

Read more

Also: A Couple of CUPS Exploits Have Been Closed in Ubuntu

Ubuntu Releases Security Update

Activity of BillGates Botnet Targeting Linux Systems Surges

Filed under
GNU
Linux
Security

A Trojan designed for distributed denial-of-service (DDoS) functionality and aimed at Linux systems has increased its activity during the month of May, researchers warn.

Read more

Create an encrypted disk image in GNU/Linux

Filed under
Security
HowTos

In my previous article about creating a "mountable" disk image in GNU/Linux, I explained how to create a file that effectively mimics the functionality of a disk: I explained how to create a file which will then be used, in turn, to contain directories and files. In this article I will explain how to make the next natural step: encrypt that file.

Ubuntu Security

Filed under
Security
Ubuntu

OpenSSL Export Cipher Suites Removed from Library in Ubuntu OSes

Filed under
Security
Ubuntu

Canonical has revealed details about an OpenSSL feature that has been disabled in Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.

Read more

Emergency Security Band-Aids with Systemtap

Filed under
Red Hat
Security

Software security vulnerabilities are a fact of life. So is the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it’s a default and traditional method.

On the other hand, in some circumstances the update & restart methods are unacceptable, leading to the development of online fix facilities like kpatch, where code may be surgically replaced in a running system. There is plenty of potential in these systems, but they are still at an early stage of deployment.

Read more

Docker Delivers Security Configuration Checking Tool

Filed under
Server
Security

The Docker Bench for Security script is packaged as a Docker container to make it easier to run and test. One of the CIS Benchmark's recommendations is to limit container privileges to only what is needed to run. Somewhat ironically, the Docker Bench for Security script is a very high-privilege container that has broad access to host resources—usually something a container should not be able to do. That said, as a security testing tool, the container does need the broad access to validate host configuration for container deployment properly.

Read more

Run the Kali Linux Penetration Testing Distro on Any Platform via Docker Images

Filed under
GNU
Linux
Security

At the request of many users, the Kali Linux developers are proud to announce the immediate availability of Docker images for the Kali Linux operating system, helping users run Kali on various OSes.

Read more

IPFire 2.17 Update 90 Gets GeoIP-Based Blocking, Legacy Microsoft Hyper-V Support

Filed under
GNU
Linux
Security

The IPFire team had the pleasure of announcing earlier today, May 28, the immediate availability for download of IPFire 2.17 Core Update 90, a major version that brings a number of new features, updated packages, a new kernel, and various security enhancements.

Read more

Security and Linux

Filed under
Linux
Security
Syndicate content

More in Tux Machines

Second Alpha Build of Liquid Lemur Linux 2.0 Brings LibreOffice 5, Based on Debian 8

Edward Snyder, the creator and maintainer of the Debian-based Liquid Lemur Linux distribution, has announced the release and immediate availability for download of the second Alpha build of the upcoming Liquid Lemur Linux 2.0 distro. Read more

Manjaro Linux 0.8.13.1 Fluxbox Edition Gets Linux Kernel 4.1 LTS, Download Now

The Manjaro Linux team, through Bernhard Landauer, has proudly announced the release of an updated version of the Manjaro Linux Fluxbox Edition, namely 0.8.13.1, which features an updated Linux kernel and numerous improvements. Read more

NVIDIA reveals GPUs for blade servers, Linux desktop support

VMworld 2015 NVIDIA has announced the second version of its Grid desktop virtualisation software, complete with a pair of GPUs for blade servers. NVIDIA is pitching GRID as a hardware offering tuned to the needs of graphically-demanding desktop virtualisation (VDI) workloads. If that sounds a bit exotic, consider environments like the resources industry, where on-site engineers need CAD and modelling tools, but miners are loathe to deploy desktops in the remote sites where stuff gets dug out of the ground. VDI works a treat in such spots. Read more

GNU Linux-libre 4.2-gnu is now available

Many new drivers required cleaning of their blob-requesting-and-loading machinery. Various others needed deblobbing updates due to blob name changes and false positives. Read more Also: