The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor’s instructions to fix them.
Google Chrome users on Windows, Mac, and Linux need to install the latest update to the browser to protect themselves from a serious security vulnerability that hackers are actively exploiting.
Microsoft Azure customers running Canonical's Ubuntu 18.04 (aka Bionic Beaver) in the cloud have seen their applications fail after a flawed security update to systemd broke DNS queries.
Researchers have revealed details about a long-standing security vulnerability that has been active in the Linux kernel for over eight years. The cybersecurity analysts from Northwestern University (Zhenpeng Lin, Yuhang Wu, and Xinyu Xing) described it as:- “As Nasty As Dirty Pipe”.
A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference.
British Linux distributor Canonical is releasing security updates to the Linux kernel for Ubuntu 22.04 LTS (“Jammy Jellyfish”) and Ubuntu 20.04 LTS (“Focal Fossa”), patching vulnerabilities in its operating systems. The vulnerabilities fixed could lead to a Denial of Service (DOS) lead.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
The developers of LibreOffice have released updates for the open source Office suite to patch three security issues.
While relevant Intel and AMD processors have been mitigated for the recent Retbleed security vulnerability affecting older generations of processors, those mitigations currently just work for x86_64 kernels and will not work if running an x86 (32-bit) kernel on affected hardware. But it's unlikely to get fixed unless some passionate individual steps up as the upstream developers and vendors have long since moved on to just caring about x86_64.
Merged yesterday afternoon to the mainline Linux 5.19 Git kernel and set for back-porting is a fix for a new security bug. Oracle made public CVE-2022-21505 on Tuesday as a trivial bypass to the Linux kernel's lockdown mode.
