Security: Patches, Flaws and ZDNet FUD

  • Security updates for Monday

    Security updates have been issued by Arch Linux (file and firefox), Debian (apache-log4j1.2), Fedora (chromium, dovecot, GraphicsMagick, kubernetes, libvpx, makepasswd, matio, and slurm), Mageia (libtomcrypt, ming, oniguruma, opencv, pcsc-lite, phpmyadmin, and thunderbird), openSUSE (chromium, chromium, re2, and mozilla-nspr, mozilla-nss), Red Hat (chromium-browser, firefox, and rabbitmq-server), Slackware (mozilla), and SUSE (crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client, firefox, libzypp, and openssl-1_1).

  • Arm Chips Vulnerable to PAN Bypass – “We All Know it’s Broken”

    Memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed – and the Arm team has only just mitigated the bug, which would allow an attacker to circumvent its “Privileged Access Never” (PAN) controls in the kernel.

    PAN, introduced in 2014, is meant to prevent privileged access to user data unless explicitly enabled – as a security mechanism against possible software attacks.

    A Linux kernel commit message on January 6 this year acknowledges the issue and puts in place a stop-gap measure. But one security researcher, “Siguza”, says they originally found the flaw in October 2018 and that PAN “was never an issue to get around”.

  • Microsoft spots malicious npm package stealing data from UNIX systems [Ed: Typical ZDNet paints Microsoft as good and FOSS or Linux/UNIX as bad/dangerous: "Microsoft spots malicious npm package stealing data from UNIX systems"]

Not really a story about Microsoft

  • NPM security team removes malicious package caught leaking data from UNIX systems

    The security team at Node Package Manager (npm) has removed a malicious JavaScript package present in the npm repository, which was observed stealing sensitive data from UNIX systems.

  • Malicious npm package exfiltrating data from UNIX systems

    A malicious JavaScript package was uploaded Dec. 30 2019 on the Node Package Manager (npm), the world’s largest software registry, containing over 800,000 code packages that developers use to write JavaScript applications.

    The package, identified as 1337qq-js, was spotted stealing sensitive data through install scripts of Unix Systems. It marks the sixth-known incident to strike the npm repository in the past three years.

Anti-Linux slant
