news
Some Linux Kernel Security Worries
-
Herman Õunapuu ☛ You can fake SSD-like disk speeds in any Linux VM, but it's unsafe (literally)
I set up a few VM-s on the Proxmox machine, and did some testing. CPU, memory, that was all fine, but the IO-bound workloads that we had to run during those bursty periods would still be relatively slow. Not much slower than the main infrastructure provider that we were using, but slow enough for a beefy machine to not be able to handle more than a few parallel IO-heavy workloads running at the same time.
We exhausted a few other wild-ass ideas during the investigation: [...]
-
The Register UK ☛ AI agents found vulns in this popular Linux and Unix print server
In the latest chapter on leaky CUPS, a security researcher and his band of bug-hunting agents have found two flaws that can be chained to allow an unauthenticated attacker to remotely execute code and achieve root file overwrite on the network.
CUPS - or the Common Unix Printing System, as it is less commonly known - is the standard way to submit files for printing over Linux and other Unix-like systems. It's also a favorite target for security researchers because a) making printers do bad things is fun, and b) as the default printing system for Apple device operating systems and most Linux distributions, any CUPS security flaw has a wide blast radius.
Asim Viladi Oglu Manizada and his team of vulnerability hunting agents recently discovered two issues in CUPS, CVE-2026-34980 and CVE-2026-34990, and the SpaceX security engineer said he was inspired by software developer Simone Margaritelli's 2024 research chaining several CUPS vulnerabilities to achieve unauthorized remote code execution (RCE).
-
Dolphin Publications B V ☛ New vulnerabilities affect printing software on Linux and Unix - Techzine Global
Security researchers have discovered two new vulnerabilities in the widely used CUPS printing system, which is deployed by default on Linux and Unix-like systems.
By combining these vulnerabilities, an attacker without login credentials can remotely execute code and ultimately gain full control over a system, according to The Register.
The issues were found in version 2.4.16 of CUPS. Although no official update is available yet, patches have been published to address the vulnerabilities. The discovery was made by a researcher who, using automated analysis tools, specifically searched for weaknesses in the system.