Security: Patches, Flaws and ZDNet FUD

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Arch Linux (file and firefox), Debian (apache-log4j1.2), Fedora (chromium, dovecot, GraphicsMagick, kubernetes, libvpx, makepasswd, matio, and slurm), Mageia (libtomcrypt, ming, oniguruma, opencv, pcsc-lite, phpmyadmin, and thunderbird), openSUSE (chromium, chromium, re2, and mozilla-nspr, mozilla-nss), Red Hat (chromium-browser, firefox, and rabbitmq-server), Slackware (mozilla), and SUSE (crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client, firefox, libzypp, and openssl-1_1).

  • Arm Chips Vulnerable to PAN Bypass – “We All Know it’s Broken”

    Memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed – and the Arm team has only just mitigated the bug, which would allow an attacker to circumvent its “Privileged Access Never” (PAN) controls in the kernel.

    PAN, introduced in 2014, is meant to prevent privileged access to user data unless explicitly enabled – as a security mechanism against possible software attacks.

    A Linux kernel commit message on January 6 this year acknowledges the issue and puts in place a stop-gap measure. But one security researcher, “Siguza”, says they originally found the flaw in October 2018 and that PAN “was never an issue to get around”.

  • Microsoft spots malicious npm package stealing data from UNIX systems [Ed: Typical ZDNet paints Microsoft as good and FOSS or Linux/UNIX as bad/dangerous: "Microsoft spots malicious npm package stealing data from UNIX systems"]

Not really a story about Microsoft

  • NPM security team removes malicious package caught leaking data from UNIX systems

    The security team at Node Package Manager (npm) has removed a malicious JavaScript package present in the npm repository, which was observed stealing sensitive data from UNIX systems.

  • Malicious npm package exfiltrating data from UNIX systems

    A malicious JavaScript package was uploaded Dec. 30 2019 on the Node Package Manager (npm), the world’s largest software registry, containing over 800,000 code packages that developers use to write JavaScript applications.

    The package, identified as 1337qq-js, was spotted stealing sensitive data through install scripts of Unix Systems. It marks the sixth-known incident to strike the npm repository in the past three years.

Anti-Linux slant
