Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (pcs), Debian (expat, galera-4, libreoffice, mariadb-10.5, and php-twig), Fedora (chromium), Red Hat (ghostscript and git), SUSE (gstreamer-plugins-bad, gstreamer-plugins-bad, libvpl, python-dnspython, python3, and python36), and Ubuntu (expat, frr, libxmltok, linux-xilinx-zynqmp, openssl, and quagga).
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (php-twig and pymongo), Fedora (linux-firmware, microcode_ctl, and python3.13), Mageia (clamav, microcode, postgresql13 and postgresql15, python3-webob, suricata, tcpreplay, tgt, and wireshark), Oracle (httpd, kernel, and linux-kernel), Red Hat (firefox, kernel, kernel-rt, pcs, and thunderbird), SUSE (389-ds, chromium, golang-github-prometheus-prometheus, htmldoc, kernel, SUSE Manager Client Tools, and wireshark), and Ubuntu (clamav, curl, dcmtk, dovecot, nginx, openssh, and python3.10, python3.12, python3.8).
-
LWN ☛ Security proof for Linux's random number generator
Four researchers have published a formal proof that Linux's new deterministic random bit generator (DRBG) is secure in a particular sense — specifically, that the number of queries that would need to be made to it to uncover its internal state depends on the quality of the entropy it can collect from different sources. As long as it can gather enough entropy, it produces secure random numbers. Since the significant structural changes in Linux 4 and Linux 5.17, there has been no research on the provable security of Linux-DRBG. For the first time (to the best of our knowledge), we formally model the Linux-DRBG in Linux 6.4.8 and prove its security in the seedless robustness model Thanks to Jason Donenfeld for bringing the paper to our attention.
-
Security Week ☛ VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.
-
Security Week ☛ D-Link Patches Critical Router Vulnerabilities
D-Link has released patches for critical vulnerabilities that could allow attackers to execute arbitrary code and commands on routers.
-
Medevel ☛ Rescue, Repair, and Recover: Why SystemRescue is Your Go-To GNU/Linux Tool
SystemRescue is a robust and comprehensive Linux-based toolkit meticulously crafted to assist users in rescuing, repairing, and recovering their systems. This powerful solution offers an extensive and versatile suite of utilities specifically designed for managing or recovering data from damaged systems, restoring critical files, and efficiently managing partitions.