Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (djvulibre and slurm-wlm), Red Hat (apache-commons-vfs, container-tools:rhel8, kernel, kernel-rt, podman, python3, rsync, socat, and sudo), SUSE (apache2, helm-mirror, incus, kernel, openssl-3, python-Django, and systemd), and Ubuntu (dcmtk, File::Find::Rule, ghostscript, jquery, and libssh).
-
Scoop News Group ☛ Appeals court clears path for El Salvadoran journos to sue spyware maker
The court vacated the district court’s decision to dismiss the case against NSO Group, saying it abused its discretion in doing so.
-
Qubes OS Summit 2025: Call for sponsors
The Qubes OS Project and 3mdeb are excited to announce the upcoming Qubes OS Summit 2025! This event will be an incredible opportunity for the community to come together, share knowledge, and discuss the future of secure computing.
-
Trail of Bits ☛ Investigate your dependencies with Deptective
Deptective, our new open-source tool, automatically finds the packages needed to install software dependencies. It does so not based on the software’s self-reported requirements, but by observing what the software needs at runtime.
-
CVE-2025-24294: Possible Denial of Service in resolv gem
A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2025-24294. We recommend upgrading the resolv gem.
-
HackRead ☛ Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware
A sophisticated cyber espionage operation, believed to be run by a group known as APT36 (also called Transparent Tribe), is now targeting Indian defence personnel and organizations. This Pakistan-based group is targeting systems running BOSS Linux (Bharat Operating System Solutions), an Indian Linux distribution based on Debian commonly used by Indian government agencies.
This shows a new step in their attacks since they’re now using malicious software designed specifically for Linux environments. This threat was reported by cybersecurity firm Cyfirma, and the findings were shared with Hackread.com.
Cyfirma researchers first observed this new attack on June 7, 2025. As per their research, the attackers are employing cunning phishing emails to trick their targets. These emails come with a compressed file, typically an archived ZIP file “Cyber-Security-Advisory.zip,” which contains a harmful ‘.desktop’ file, essentially a shortcut used in Linux systems.
-
CSO ☛ How a 12-year-old bug in Sudo is still haunting Linux users [Ed: They make it sound like this has been exploited before its discovery and for over a decade]
Two new vulnerabilities have been found in Sudo, a privileged command-line tool installed on Linux systems, that can allow privilege escalation and unintended command execution on affected Ubuntu and Debian systems.
According to Stratascale research, the command-line tool has two local privilege escalation vulnerabilities, affecting the Sudo “host” and Sudo “Chroot” features. One of the vulnerabilities has remained unnoticed for over 12 years.
-
TechRadar ☛ Several major Linux distros hit by serious Sudo security flaws
Two vulnerabilities were recently spotted in various Linux distributions which, when chained together, allow local attackers to escalate their privileges and thus run arbitrary files.
-
A new PoC Exploit allows Privilege Escalation on Linux using the udisksd daemon
A proof-of-concept (PoC) exploit for a critical vulnerability that allows local privilege escalation has been developed, affecting several major Linux distributions, such as Fedora and SUSE. The vulnerability, tracked as CVE-2025-6019, allows unprivileged users to gain root access by exploiting the udisksd daemon and its libblockdev backend library, posing a significant security risk to multi-user systems and shared environments.
-
Two bugs for Linux Sudo utility patched, one rated critical
Two local privilege vulnerabilities in the Sudo utility for Linux were recently discovered that could result in the escalation of privileges to root, which would let attackers fully take over an enterprise system.
-
Linux contains dangerous secure boot flaw: hackers can bypass it with a USB stick
Initramfs debug shell flaw lets attackers with physical access bypass Linux Secure Boot.