Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Debian (crmsh, debian-security-support, flatpak, gst-plugins-bad1.0, openvswitch, python-bottle, salt, tomcat9, and vlc), Fedora (chromium, python-pillow, sddm, and xen), Gentoo (chromium, dnsmasq, flatpak, glibc, kdeconnect, openjdk, python, thunderbird, virtualbox, and wireshark), Mageia (blosc, crmsh, glibc, perl-DBI, php-oojs-oojs-ui, python-pip, python-urllib3, and undertow), openSUSE (gdk-pixbuf, hawk2, ImageMagick, opera, python-autobahn, viewvc, wavpack, and xstream), Red Hat (dnsmasq), Slackware (seamonkey), SUSE (hawk2, ImageMagick, mutt, permissions, and stunnel), and Ubuntu (pound).

  • Apache Software Foundation Security Report: 2020

    Synopsis: This report explores the state of security across all Apache Software Foundation projects for the calendar year 2020. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.

  • Apache Software Foundation Saw Assigned CVEs Up 24%, Security Issues Up 53% For 2020

    The Apache Software Foundation that oversees 340+ Apache projects saw a measurable rise in security related issues during the course of 2020.

  • This new botnet is targeting Linux servers running enterprise apps [Ed: TechRadar foolishly perpetuating ZDNet garbage]

More FUD?

  • QNAP urges users to secure against Dovecat crypto-mining malware [Ed: The part about "infect NAS devices when they’re connected to the internet with weak passwords" suggests it's a user error]

    QNAP has warned its customers that their network-attached storage (NAS) drives might be susceptible to infection by a malware strain known as Dovecat, which infects devices and silently mines cryptocurrency.

    [...]

    The firm has issued a security advisory warning its users about Dovecat, which might infect NAS devices when they’re connected to the internet with weak passwords, according to QNAP’s analysis.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

openSUSE Leap 15.3 Released for Public Beta Testing, Download Now

openSUSE Leap is openSUSE’s regular release that follows the development cycle of the SUSE Linux Enterprise operating system. As such, openSUSE Leap 15.3 beta comes with packages from the SUSE Linux Enterprise (SLE) 15 Service Pack 3 (SP3) release, including the Linux 5.3 kernel. This kernel version is maintained by SUSE and introduces support for AMD Navi GPUs, new IPv4 addresses, RISC-V improvements, and compatibility with the Intel SST (Speed Select Technology) used in Intel Xeon servers. Read more

openSUSE Leap 15.3 Reaches Beta Build Phase

openSUSE Leap has entered into the beta release phase today for its 15.3 minor version. This openSUSE Leap 15.3 version is a solidified release that focuses more on the building of the distribution rather than refreshing the distribution?s packages, but there are some significant changes to the distribution. Many of the packages will remain the same as those in openSUSE Leap 15.2 with a bit of hardware enablement and security backports. An updated version of glibc brings some Power10 support and the Xfce desktop users will have the new 4.16 version. The distribution also gains adds s390x architecture. The biggest change for this release is how Leap is built and its relationship with SUSE Linux Enterprise. Leap transitioned to a new way of building openSUSE Leap releases in the fall of 2020 through a prototype project called Jump. The Jump prototype was used as a proof of concept, but no longer exists; it did prove to work at building a distribution and bringing the code streams of both openSUSE Leap and SLE closer together. The proof of concept was implemented for building the release of openSUSE Leap 15.3 as seen in the beta release today. Building Leap on top of binary packages from SLE, which was part of the rationale for the Jump prototype, allows for easy development on a community release to be put into production on an enterprise release should the need arise. Read more Also: openSUSE Leap 15.3 Beta Begins - Phoronix

Microsoft Security Issues and Blame-Shifting

Android Leftovers