3 liens privés
According to @evilsocket, cups-browsed can be held up for an extended period of time: The lock acquired here doesn't get unlocked until the IPP server has responded. A malicious IPP server can keep the connection going effectively remote...
Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.
Episode #451 consacré à la backdoor dépoloyée dans XZ Utils Références : Backdoor XZ :https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/https://boehs.org/node/everything-i-know-about-the-xz-backdoorhttps://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2bhttps://github.com/amlweems/xzbothttps://gynvael.coldwind.pl/?lang=en&id=782https://nvd.nist.gov/vuln/detail/CVE-2024-3094https://tukaani.org/xz-backdoor/https://twitter.com/fr0gger_/status/1774342248437813525/photo/1https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094https://www.openwall.com/lists/oss-security/2024/03/29/4https://www.theregister.com/2024/03/29/malicious_backdoor_xz/ Microsoft Equation Editor :https://support.microsoft.com/en-us/office/equation-editor-6eac7d71-3c74-437b-80d3-c7dea24fdf3f Polyfill :https://github.com/formatjs/formatjs/issues/4363
A new Linux vulnerability puts user passwords at risk. It exploits the "wall" command to potentially leak passwords on Ubuntu & Debian systems.
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.
Dubbed Looney Tunables by cybersecurity researchers at Qualys; the vulnerability resides within the GNU C Library's dynamic loader.
A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.
