
Security: Patches, Flaws and ZDNet FUD

  • Security updates for Monday

    Security updates have been issued by Arch Linux (file and firefox), Debian (apache-log4j1.2), Fedora (chromium, dovecot, GraphicsMagick, kubernetes, libvpx, makepasswd, matio, and slurm), Mageia (libtomcrypt, ming, oniguruma, opencv, pcsc-lite, phpmyadmin, and thunderbird), openSUSE (chromium, chromium, re2, and mozilla-nspr, mozilla-nss), Red Hat (chromium-browser, firefox, and rabbitmq-server), Slackware (mozilla), and SUSE (crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client, firefox, libzypp, and openssl-1_1).

  • Arm Chips Vulnerable to PAN Bypass – “We All Know it’s Broken”

    Memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed – and the Arm team has only just mitigated the bug, which would allow an attacker to circumvent its “Privileged Access Never” (PAN) controls in the kernel.

    PAN, introduced in 2014, is meant to prevent privileged access to user data unless explicitly enabled – as a security mechanism against possible software attacks.

    A Linux kernel commit message on January 6 this year acknowledges the issue and puts in place a stop-gap measure. But one security researcher, “Siguza” says they originally found the flaw in October 2018 and that PAN “was never an issue to get around”.

  • Microsoft spots malicious npm package stealing data from UNIX systems [Ed: Typical ZDNet paints Microsoft as good and FOSS or Linux/UNIX as bad/dangerous: "Microsoft spots malicious npm package stealing data from UNIX systems"]

Not really a story about Microsoft

  • NPM security team removes malicious package caught leaking data from UNIX systems

    The security team at Node Package Manager (npm) has removed a malicious JavaScript package present in the npm repository, which was observed stealing sensitive data from UNIX systems.

  • Malicious npm package exfiltrating data from UNIX systems

    A malicious JavaScript package was uploaded Dec. 30 2019 on the Node Package Manager (npm), the world’s largest software registry, containing over 800,000 code packages that developers use to write JavaScript applications.

    The package, identified as 1337qq-js, was spotted stealing sensitive data through install scripts of Unix Systems. It marks the sixth-known incident to strike the npm repository in the past three years.

Anti-Linux slant
