Security: Updates, YubiKey, systemd

Filed under
Security
  • Security updates for Thursday
  • A YubiKey for iOS Will Soon Free Your iPhone From Passwords

    The upshot: Yubico has received MFi certification, meaning Apple will officially support it as a hardware partner. To that end, the company will finally be able to make a YubiKey that fits into the iPhone and iPad’s proprietary Lightning port, giving those devices the seamless security that already works so well on PCs. On the opposite side, it will offer a USB-C connector for MacBooks.

  • Stack clashing systemd aka “System Down”

    Qualys yesterday published new security issues found in systemd-journald called “System Down”, where dynamic stack allocations could be used to cause a “Stack Clash” vulnerability, and so escalate privileges of local attackers to root.

  • A set of systemd-journald exploits

    Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald.

More on systemd and IPFire

New Linux Systemd security holes uncovered

  • New Linux Systemd security holes uncovered

    Many Linux sysadmins and users dislike Systemd, but love it or hate it, Systemd is the default system and service manager for most Linux distributions. So, security company Qualys's recent revelation of three new Systemd security vulnerabilities isn't going to win Systemd any friends.

    How bad is this trio of trouble? With any of these a local user can gain root privileges. Worse still, Qualys reports that "To the best of our knowledge, all systemd-based Linux distributions are vulnerable."

Overstating the threat

  • High Toxicity Linux Vulnerabilities Could Cause System Down for Red Hat, Debian

    Major Linux distributions, from Red Hat to Debian, are vulnerable to three bugs in systemd, a Linux initialisation system and service manager in widespread use, California-based security company Qualys said late yesterday.

    The systemd vulnerabilities comprise CVE-2018-16864 and CVE-2018-16865, two memory corruptions (attacker-controlled alloca()s) and CVE-2018-16866, an information leak (an out-of-bounds read), Qualys said.
