Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, mingw-glib2, mod_auth_openidc, nano, NetworkManager, oci-seccomp-bpf-hook, openexr, osbuild-composer, pcp, podman, poppler, postfix, python-dns, python-jinja2, python-jwcrypto, python3.11, python3.11-PyMySQL, python3.11-urllib3, python3.12, python3.12-PyMySQL, python3.12-urllib3, python3.9, qemu-kvm, runc, skopeo, squid, thunderbird, toolbox, tpm2-tools, vim, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Fedora (lemonldap-ng and mingw-expat), SUSE (bea-stax, xstream, expat, httpcomponents-client, httpcomponents-core, kernel, SUSE Manager Client Tools, SUSE Manager Proxy, Retail Branch Server 4.3, SUSE Manager Salt Bundle, SUSE Manager Server 4.3, and SUSE Manager Server 5.0), and Ubuntu (curl, glib2.0, and webkit2gtk).
-
Critical needrestart vulnerabilities found in Ubuntu Servers
The Qualys Threat Research Unit (TRU) has uncovered five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component used by Ubuntu Servers.
These vulnerabilities, linked to CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, pose significant security threats as they potentially allow any unprivileged user to gain full root access during package installations or upgrades.
Needrestart is a utility automatically executed after APT operations, such as install, upgrade, or remove, in Ubuntu Servers. It is designed to determine whether services require a restart, ensuring they use the latest library versions and maintaining system security and performance without necessitating full system reboots.
The Qualys TRU team warns that these vulnerabilities, present since needrestart version 0.8 released in April 2014, can lead to unauthorised access to sensitive data, malware installations, and disruptions of business operations. Such incidents could result in data breaches, regulatory non-compliance, and decreased trust among customers and stakeholders, impacting corporate reputations.
-
Ubuntu ☛ Needrestart local privilege escalation vulnerability fixes available
Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, and CVE-2024-11003) and a related issue in libmodule-scandeps-perl (CVE-2024-10224). The vulnerabilities affect Debian, Ubuntu and other GNU/Linux distributions. Canonical’s security team has released updates for the needrestart and libmodule-scandeps-perl packages for all Ubuntu releases.
-
Canonical ☛ Needrestart local privilege escalation vulnerability fixes available
-
LWN ☛ The top open-source security events in 2024
What have been the most significant security-related incidents for the open-source community in 2024 (so far)? Marta Rybczyńska recently ran a poll and got some interesting results. At the 2024 Open Source Summit Japan, she presented those results along with some commentary of her own. The events in question are unlikely to be a surprise to LWN readers, but the overall picture that was presented was worth a look.
-
NVISO Labs ☛ The Importance of Establishing a Solid Third Party Risk Management Framework for Risk Mitigation
In the previous post, we introduced the concept of Third-Party Risk Management (TPRM) and its importance in today’s interconnected world. Now, let us have a look at the practical aspects of building a solid TPRM program and why it is important for your company.
-
Pen Test Partners ☛ How we helped expose a £12 million rental scam
TL;DR We helped Channel 4 with trying to track down rental scammers.
-
Scoop News Group ☛ Attackers are hijacking Jupyter notebooks to host illegal Champions League streams
Jupyter notebooks are normally reserved for data analysis, but a cybersecurity firm caught online content pirates using them to host soccer matches.
-
Scoop News Group ☛ Bipartisan Senate bill targets supply chain threats from foreign adversaries
The bill would strengthen oversight powers for the body charged with investigating IT products from China and other foes.
-
Silicon Angle ☛ Cyber resilience evolves into a team sport for organizations battling ransomware
The cybersecurity battleground for companies has expanded in scope and complexity. The response is a broadening from traditional enterprise security operations to full-fledged cyber resilience. In doing so, companies can preempt and respond to attacks with minimal disruptions and resource/reputation loss.
-
SANS ☛ Apple Fixes Two Exploited Vulnerabilities, (Tue, Nov 19th)
Today, Fashion Company Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.
-
Federal News Network ☛ NIST’s quantum standards: The time for upgrades is now
Quantum computing is farther along than most realize, and it's time to safeguard against cybersecurity threats posed by those who will use quantum technologies.