Security: Updates, YubiKey, systemd

  • Security updates for Thursday
  • A YubiKey for iOS Will Soon Free Your iPhone From Passwords

    The upshot: Yubico has received MFi certification, meaning Apple will officially support it as a hardware partner. To that end, the company will finally be able to make a YubiKey that fits into the iPhone and iPad’s proprietary Lightning port, giving those devices the seamless security that already works so well on PCs. On the opposite side, it will offer a USB-C connector for MacBooks.

  • Stack clashing systemd aka “System Down”

    Qualys yesterday published new security issues found in systemd-journald, called “System Down”, where dynamic stack allocations could be used to cause a “Stack Clash” vulnerability and so escalate the privileges of local attackers to root.

  • A set of systemd-journald exploits

    Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald.

More on systemd and IPFire

New Linux Systemd security holes uncovered

  • New Linux Systemd security holes uncovered

    Many Linux sysadmins and users dislike Systemd, but love it or hate it, Systemd is the default system and service manager for most Linux distributions. So, security company Qualys's recent revelation of three new Systemd security vulnerabilities isn't going to win Systemd any friends.

    How bad is this trio of trouble? With any of these a local user can gain root privileges. Worse still, Qualys reports that "To the best of our knowledge, all systemd-based Linux distributions are vulnerable."

Overstating the threat

  • High Toxicity Linux Vulnerabilities Could Cause System Down for Red Hat, Debian

    Major Linux distributions, from Red Hat to Debian, are vulnerable to three bugs in systemd, a Linux initialisation system and service manager in widespread use, California-based security company Qualys said late yesterday.

    The systemd vulnerabilities comprise CVE-2018-16864 and CVE-2018-16865, two memory corruptions (attacker-controlled alloca()s) and CVE-2018-16866, an information leak (an out-of-bounds read), Qualys said.
