Language Selection

English French German Italian Portuguese Spanish

Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

  • Security updates for Thursday
  • Dormant Linux kernel vulnerability finally slayed

    A recently resolved vulnerability in the Linux kernel that had the potential to allow an attacker to gain privilege escalation or cause denial of service went undiscovered for seven years.

    Positive Technologies expert, Alexander Popov, found a race condition in the n_hdlc driver that leads to double-freeing of kernel memory. This Linux kernel flaw might be exploited for privilege escalation in the operating system. The (CVE-2017-2636) bug was evaluated as dangerous with a CVSS v3 score of 7.8, towards the higher end of the scale which runs from 1-10.

  • Another Years-Old Flaw Fixed in the Linux Kernel

    The Linux team has patched a "dangerous" vulnerability in the Linux kernel that allowed attackers to elevate their access rights and crash affected systems.

    The security issue, tracked as CVE-2017-2636, existed in the Linux kernel for the past seven years, after being introduced in the code in 2009.

How to Choose the Best Linux Distro for SysAdmin Workstation Security

Filed under
GNU
Linux
Security

If you’re a systems administrator choosing a Linux distribution for your workstation, chances are you’ll stick with a fairly widely used distro such as Fedora, Ubuntu, Arch, Debian, or one of their close spin-offs. Still, there are several security considerations you should weigh when picking which distribution is best for your needs.

Read more

Also: Linux Sucks — The Latest And Last From Bryan Lunduke

Security News

Filed under
Security

Security News

Filed under
Security

Security News

Filed under
Security

Security Leftovers

Filed under
Security

Parrot Security OS 3.5 Improves Linux Security Tools Distribution

Filed under
OS
Linux
Security

There seems to be no shortage of Linux distributions specifically designed and built for security researchers. That list includes the Parrot Security OS Linux distribution, which was updated to version 3.5 on March 8. The Parrot Security OS platform is based on the Debian Linux distribution, with the open-source MATE desktop the default choice for new users. As a platform for security researchers, Parrot Security OS provides a wide array of tools that fit into different categories, including information gathering, vulnerability analysis, database assessment, exploitation tools, password attacks, wireless testing, digital forensics, reverse engineering and reporting tools. One of its more interesting tools is the open-source Kayak car hacking tool that can be used to diagnose a car's CAN (Controller Area Network) bus. In addition, version 3.5 includes the CryptKeeper encrypted folder manager tool, as well as the Metasploit penetration testing framework, which is packed full with 1,627 exploits. For users who want to stay somewhat anonymous while using the system, anonymous web surfing tools are also included in the Linux distribution. In this slide show, eWEEK takes a look at some of the highlights of the Parrot Security OS 3.5 release.

Read more

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • How Android and iOS devices really get hacked
  • Security Expert Bruce Schneier on Regulating IoT

    With the Internet of Things already flexing its muscle and showing its potential to be a security nightmare, has the time come for governments to step into the fray and begin regulating the Internet? Security guru Bruce Schneier thinks that may be an inevitability, and says the development community might want to go ahead and start leading the way to assure that regulations aren't put in place by people who don't understand tech.

    "As everything turns into a computer, computer security becomes 'everything security,'" he explained, "and there are two very important ramifications of that. The first is that everything we know about computer security becomes applicable to everything. The second is the restrictions and regulations that the real world puts on itself are going to come into our world, and I think that has profound implications for us in software and especially in open source."

  • Ioquake3 Pushes Out Important Security Update

    All of those running ioquake3-powered games are encouraged to update their engine installation as soon as possible.

    The developers behind this popular fork of the open-source id Tech 3 engine code have pushed a "large security fix" and all users are encouraged to upgrade prior to connecting to any online servers. Unfortunately, ioquake3 currently doesn't have any auto-update system to make it easy to roll out game engine updates.

Syndicate content

More in Tux Machines

6 Reasons Your Favorite Linux OS Is Plagued by Bugs

  • 6 Reasons Your Favorite Linux OS Is Plagued by Bugs
  • I’ve been a long-time GNOME user, but for the past few months, I was in a loving relationship with Elementary OS. I found much to love in the minimalist Linux-based operating system, and I encouraged readers to give it a try. But that has changed. The number of bugs I encountered grew over time, and I’ve recently had enough. As a freelance writer, the only thing I need is a working laptop. If that’s not reliable, then I’m wasting time trying to fix the one tool my job requires.
  • Why do Linux distributions have software bugs?
    Linux is one of the best operating systems around, but no OS is perfect. All operating systems end up having bugs of one kind or another, including your favorite Linux distributions. A writer at MakeUseOf has listed six reasons why Linux distributions often have their share of bugs.

today's howtos

Linux and Linux Foundation

Red Hat and Fedora