4 liens privés
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.
According to @evilsocket, cups-browsed can be held up for an extended period of time: The lock acquired here doesn't get unlocked until the IPP server has responded. A malicious IPP server can keep the connection going effectively remote...
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.
Episode #451 consacré à la backdoor dépoloyée dans XZ Utils Références : Backdoor XZ :https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/https://boehs.org/node/everything-i-know-about-the-xz-backdoorhttps://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2bhttps://github.com/amlweems/xzbothttps://gynvael.coldwind.pl/?lang=en&id=782https://nvd.nist.gov/vuln/detail/CVE-2024-3094https://tukaani.org/xz-backdoor/https://twitter.com/fr0gger_/status/1774342248437813525/photo/1https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094https://www.openwall.com/lists/oss-security/2024/03/29/4https://www.theregister.com/2024/03/29/malicious_backdoor_xz/ Microsoft Equation Editor :https://support.microsoft.com/en-us/office/equation-editor-6eac7d71-3c74-437b-80d3-c7dea24fdf3f Polyfill :https://github.com/formatjs/formatjs/issues/4363
A new Linux vulnerability puts user passwords at risk. It exploits the "wall" command to potentially leak passwords on Ubuntu & Debian systems.
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.
Dubbed Looney Tunables by cybersecurity researchers at Qualys; the vulnerability resides within the GNU C Library's dynamic loader.
A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.
