Security: Updates, YubiKey, systemd

  • Security updates for Thursday
  • A YubiKey for iOS Will Soon Free Your iPhone From Passwords

    The upshot: Yubico has received MFi certification, meaning Apple will officially support it as a hardware partner. To that end, the company will finally be able to make a YubiKey that fits into the iPhone and iPad’s proprietary Lightning port, giving those devices the seamless security that already works so well on PCs. On the opposite side, it will offer a USB-C connector for MacBooks.

  • Stack clashing systemd aka “System Down”

    Qualys yesterday published new security issues found in systemd-journald called “System Down”, where dynamic stack allocations could be used to cause a “Stack Clash” vulnerability, and so escalate privileges of local attackers to root.

  • A set of systemd-journald exploits

    Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald.

More on systemd and IPFire

New Linux Systemd security holes uncovered

  • New Linux Systemd security holes uncovered

    Many Linux sysadmins and users dislike Systemd, but love it or hate it, Systemd is the default system and service manager for most Linux distributions. So, security company Qualys's recent revelation of three new Systemd security vulnerabilities isn't going to win Systemd any friends.

    How bad is this trio of trouble? With any of these a local user can gain root privileges. Worse still, Qualys reports that "To the best of our knowledge, all systemd-based Linux distributions are vulnerable."

Overstating the threat

  • High Toxicity Linux Vulnerabilities Could Cause System Down for Red Hat, Debian

    Major Linux distributions, from Red Hat to Debian, are vulnerable to three bugs in systemd, a Linux initialisation system and service manager in widespread use, California-based security company Qualys said late yesterday.

    The systemd vulnerabilities comprise CVE-2018-16864 and CVE-2018-16865, two memory corruptions (attacker-controlled alloca()s) and CVE-2018-16866, an information leak (an out-of-bounds read), Qualys said.
