Security Leftovers
-
Security updates for Tuesday [LWN.net]
Security updates have been issued by CentOS (java-11-openjdk), Debian (aide, apr, ipython, openjdk-11, qt4-x11, and strongswan), Fedora (binaryen and rust), Mageia (expat, htmldoc, libreswan, mysql-connector-c++, phpmyadmin, python-celery, python-numpy, and webkit2), openSUSE (kernel and virtualbox), Red Hat (etcd, libreswan, nodejs:14, OpenJDK 11.0.14, OpenJDK 17.0.2, and rpm), Slackware (expat), SUSE (java-1_7_1-ibm, kernel, and zxing-cpp), and Ubuntu (strongswan).
-
Linux kernel bug can let hackers escape Kubernetes containers [Ed: Kubernetes and containers do not mean Linux kernel, but when a site is determined to boost Microsoft everything will always be blamed on "Linux"]
A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system.
-
Major Linux PolicyKit security vulnerability uncovered: Pwnkit | ZDNet
If it's not one thing, it's another. After one real Linux problem -- the heap overflow bug in the Linux kernel's fs/fs_context.c program -- is found and fixed, then a new security problem is discovered. This time security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034.
Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.
Systemd security
A new Polkit vulnerability
Microsoft boosters are calling systemd "Linux"
Linux system service bug gives root on all major distros, exploit released
"Linux" vuln
Linux vulnerability can be 'easily exploited' for local privilege escalation, researchers say | VentureBeat
Two more
Control Web Panel Security Exploit Leaves 200K Linux Servers Vulnerable To Remote Hacks | HotHardware
Serious Linux privilege escalation bug lay hidden for 12 years - Security - Software - iTnews
A Polkit Vulnerability Gives Root on All Major Linux Distros
Dan Goodin
A bug lurking for 12 years gives attackers root on every major Linux distro
Bryan Cockfield
Major Bug Grants Root For All Major Linux Distributions | Hackaday
Duo
Jan 26, 2022 Serious Privilege Escalation Flaw in Linux Component Patched By Dennis Fisher
SiliconANGLE
12-year-old vulnerability in Linux gives attackers root privileges - SiliconANGLE [Ed: Systemd is not Linux]
SoylentNews
Major Linux PolicyKit Security Vulnerability Uncovered: Pwnkit - SoylentNews
Easily Exploitable Linux Flaw Exposes All Distributions: Qualys
Easily Exploitable Linux Flaw Exposes All Distributions: Qualys | eSecurityPlanet
Local privilege escalation in systemd spun as doom for "Linux"
Serious PwnKit flaw in default Linux installations requires urgent patching
PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)
Linux Bug in All Major Distros: 'An Attacker's Dream Come True'
Local privilege escalation vulnerability found on 'polkit' program found on every Linux variant
Lawrence Abrams, a Microsoft booster, framing a VMware...
Linux version of LockBit ransomware targets VMware ESXi servers
[Ed: Lawrence Abrams, a Microsoft booster, framing a VMware issue as "Linux"]