How I built and maintain Cantata, an open source music player

This is the third in a series of conversations with developers who build and maintain open source music players. Craig Drummond is the developer and maintainer of Cantata, an open source music player that acts as a frontend (client) to the Music Player Daemon (MPD) music server. I have two small headless computers at home configured as music servers—one connected to our stereo in our living room, one in my upstairs office. I first ran into Cantata while I was looking for a way to control these servers, and wow, it is one impressive piece of work. I was interested in learning more about Cantata, so I was grateful when Craig agreed to do this interview (which has been lightly edited for length and clarity). Without further ado, let’s chat with Craig.

Android Leftovers

Security: Linux, Docker and Guix

  • Unpatched Linux bug may open devices to serious attacks over Wi-Fi

    The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013.

  • Docker Attack Worm Mines for Monero
  • Insecure permissions on profile directory (CVE-2019-18192)

    We have become aware of a security issue for Guix on multi-user systems that we have just fixed (CVE-2019-18192). Anyone running Guix on a multi-user system is encouraged to upgrade guix-daemon—see below for instructions.

    Context: The default user profile, ~/.guix-profile, points to /var/guix/profiles/per-user/$USER. Until now, /var/guix/profiles/per-user was world-writable, allowing the guix command to create the $USER sub-directory. On a multi-user system, this allowed a malicious user to create and populate that $USER sub-directory for another user that had not yet logged in. Since /var/…/$USER is in $PATH, the target user could end up running attacker-provided code. See the bug report for more information. This issue was initially reported by Michael Orlitzky for Nix (CVE-2019-17365).
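
A check an administrator could run on a multi-user Guix host for the condition the advisory describes: a world-writable profile root, and per-user entries not owned by the user they are named after. This is an added example, not code from the Guix project; the function names are hypothetical, and it assumes each entry under the profile root is named after its user, as the advisory states.

```shell
#!/bin/sh
# Added example: audit a Guix per-user profile root for the condition
# described in the advisory (CVE-2019-18192). Function names are hypothetical.
# Usage: sh audit-guix-profiles.sh /var/guix/profiles/per-user

# True when the directory grants write permission to "other".
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]
}

# Owner of a path as printed by ls (third field of the long listing).
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# Print every entry that is a symlink or is not owned by the user it is
# named after: the state left behind when someone else pre-created it.
mismatched_profiles() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # empty directory
        name=${entry##*/}
        owner=$(owner_of "$entry")
        if [ -L "$entry" ] || [ "$owner" != "$name" ]; then
            printf '%s owner=%s\n' "$entry" "$owner"
        fi
    done
}

# Report both findings; return non-zero if either is present.
audit_profile_root() {
    root=$1
    rc=0
    if [ ! -d "$root" ]; then
        echo "SKIP: $root does not exist"
        return 0
    fi
    if is_world_writable "$root"; then
        echo "FAIL: $root is world-writable"
        rc=1
    fi
    bad=$(mismatched_profiles "$root")
    if [ -n "$bad" ]; then
        echo "FAIL: entries not owned by the user they are named after:"
        echo "$bad"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $root"; fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_profile_root "$1"; fi
```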