Tux Machines

Do you waddle the waddle?

Security Leftovers

posted by Roy Schestowitz on Nov 21, 2024,
updated Nov 21, 2024

  • LWN Security updates for Tuesday

    Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, mingw-glib2, mod_auth_openidc, nano, NetworkManager, oci-seccomp-bpf-hook, openexr, osbuild-composer, pcp, podman, poppler, postfix, python-dns, python-jinja2, python-jwcrypto, python3.11, python3.11-PyMySQL, python3.11-urllib3, python3.12, python3.12-PyMySQL, python3.12-urllib3, python3.9, qemu-kvm, runc, skopeo, squid, thunderbird, toolbox, tpm2-tools, vim, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Fedora (lemonldap-ng and mingw-expat), SUSE (bea-stax, xstream, expat, httpcomponents-client, httpcomponents-core, kernel, SUSE Manager Client Tools, SUSE Manager Proxy, Retail Branch Server 4.3, SUSE Manager Salt Bundle, SUSE Manager Server 4.3, and SUSE Manager Server 5.0), and Ubuntu (curl, glib2.0, and webkit2gtk).

  • Critical needrestart vulnerabilities found in Ubuntu Servers

    The Qualys Threat Research Unit (TRU) has uncovered five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component used by Ubuntu Servers.

    These vulnerabilities, linked to CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, pose significant security threats as they potentially allow any unprivileged user to gain full root access during package installations or upgrades.

    Needrestart is a utility automatically executed after APT operations, such as install, upgrade, or remove, in Ubuntu Servers. It is designed to determine whether services require a restart, ensuring they use the latest library versions and maintaining system security and performance without necessitating full system reboots.

    The Qualys TRU team warns that these vulnerabilities, present since needrestart version 0.8 released in April 2014, can lead to unauthorised access to sensitive data, malware installations, and disruptions of business operations. Such incidents could result in data breaches, regulatory non-compliance, and decreased trust among customers and stakeholders, impacting corporate reputations.

  • Ubuntu Needrestart local privilege escalation vulnerability fixes available

    Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, and CVE-2024-11003) and a related issue in libmodule-scandeps-perl (CVE-2024-10224). The vulnerabilities affect Debian, Ubuntu and other GNU/Linux distributions. Canonical’s security team has released updates for the needrestart and libmodule-scandeps-perl packages for all Ubuntu releases.

  • Canonical Needrestart local privilege escalation vulnerability fixes available

  • LWN The top open-source security events in 2024

    What have been the most significant security-related incidents for the open-source community in 2024 (so far)? Marta Rybczyńska recently ran a poll and got some interesting results. At the 2024 Open Source Summit Japan, she presented those results along with some commentary of her own. The events in question are unlikely to be a surprise to LWN readers, but the overall picture that was presented was worth a look.

  • NVISO Labs The Importance of Establishing a Solid Third Party Risk Management Framework for Risk Mitigation

    In the previous post, we introduced the concept of Third-Party Risk Management (TPRM) and its importance in today’s interconnected world. Now, let us have a look at the practical aspects of building a solid TPRM program and why it is important for your company.

  • Pen Test Partners How we helped expose a £12 million rental scam

    TL;DR We helped Channel 4 with trying to track down rental scammers.

  • Scoop News Group Attackers are hijacking Jupyter notebooks to host illegal Champions League streams

    Normally reserved for data analysis, a cybersecurity firm caught online content pirates hosting soccer matches.

  • Scoop News Group Bipartisan Senate bill targets supply chain threats from foreign adversaries

    The bill would strengthen oversight powers for the body charged with investigating IT products from China and other foes.

  • Silicon Angle Cyber resilience evolves into a team sport for organizations battling ransomware

    The cybersecurity battleground for companies has expanded in scope and complexity. The response is a broadening from traditional enterprise security operations to full-fledged cyber resilience. In doing so, companies can preempt and respond to attacks with minimal disruptions and resource/reputation loss.

  • SANS Apple Fixes Two Exploited Vulnerabilities, (Tue, Nov 19th)

    Today, Fashion Company Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.

  • Federal News Network NIST’s quantum standards: The time for upgrades is now

    Quantum computing is farther along than most realize, and it's time to safeguard against cybersecurity threats posed by those who will use quantum technologies.
