Security: Patches, Microsoft, Microsoft FUD, and Reproducible Builds
-
Security updates for Friday [LWN.net]
Security updates have been issued by Debian (ruby-tzinfo), Mageia (nvidia-current and nvidia390), SUSE (python-PyYAML, ucode-intel, and zlib), and Ubuntu (linux-aws, postgresql-10, postgresql-12, postgresql-14, and rsync).
-
Microsoft Reveals Playing Janet Jackson Could Crash Laptops
Sometimes you just hit on such crazy stories that you have to report them. That’s what I’m doing with this article. It sounds so bizarre. Microsoft reported that old laptops that played the Janet Jackson music video “Rhythm Nation” would crash. Just being in the vicinity of the song could cause your laptop to crash.
-
Dirty Cred : New Privilege Escalation Vulnerability in Linux [Ed: Hardly severe at all compared to back and bug doors in proprietary software -- which are exploitable remotely and don't require you already have an account on the target machine]
A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference.
The flaw, which is identified as CVE-2022-0847, has been discovered by Zhenpeng Lin, a PhD student, and his team, who tried to exploit the Linux kernel like the infamous Dirty Pipe vulnerability but with different approaches.
-
241 npm and PyPI packages caught dropping Linux cryptominers [Ed: npm is Microsoft, so this Microsoft propaganda site (controlled by a Microsoft booster) should really say something like, "Microsoft transmits a lot of malware to Linux" (and it's Microsoft's responsibility)]
More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week.
These packages are largely typosquats of widely used libraries, and each one of them downloads a Bash script on Linux systems that runs cryptominers.
-
Reproducible Builds (diffoscope): diffoscope 221 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 221. This version includes the following changes:
* Don't crash if we can open a PDF file with PyPDF but cannot parse the annotations within. (Closes: reproducible-builds/diffoscope#311)
* Depend on the dedicated xxd package, not vim-common.
* Update external_tools.py to reflect xxd/vim-common change.