Security Vulnerabilities - Page 7Security Vulnerabilities - Page 7.5

Discover Security Vulnerabilities News

CISA: Urgent Patching Needed for Actively Exploited Linux Kernel Flaw

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

SecurityWeek reports that federal agencies have been ordered by the Cybersecurity and Infrastructure Security Agency to remediate within three weeks a Linux kernel bug, tracked as CVE-2021-3493, which has been added to the agency's Known Exploited Vulnerabilities Catalog following active exploitation by the new stealthy Linux malware Shikitega.

Brittany Day
Oct 25, 2022

Debian and Ubuntu Users Get Kernel Security Updates to Fix Recent Wi-Fi Stack Flaws

Users of the Debian GNU/Linux and Ubuntu Linux distributions received important kernel security updates that address multiple vulnerabilities discovered by various security researchers.

Brittany Day
Oct 20, 2022

Linux Fixes 5 Gaping Holes in Wi-Fi

Linux’s Wi-Fi code has some nasty bugs, which can be exploited simply by being near an attacker. Remote code execution is a possibility—no need to actually connect to a malicious Wi-Fi network.

Brittany Day
Oct 15, 2022

New Ubuntu Linux Kernel Security Updates Fix 16 Vulnerabilities, Patch Now

Canonical has released new Linux kernel security patches for all supported Ubuntu releases to address various security vulnerabilities discovered in the upstream kernel packages.

Brittany Day
Oct 11, 2022

3 Critical Malicious Code Execution Vulnerabilities In Linux Kernel

A security investigator has discovered three new code execution flaws in the Linux kernel that might be exploited by a local or external adversary to take control of the vulnerable computers and run arbitrary code.

Brittany Day
Oct 09, 2022

Alert: 15-year-old Python tarfile Flaw Lurks in 'Over 350,000' Code Projects

Oh cool, a 5,500-day security hole

Brittany Day
Sep 30, 2022

CISA Orders Agencies to Patch Vulnerability Used in Stuxnet Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor’s instructions to fix them.

Brittany Day
Sep 19, 2022

8.Locks HexConnections CodeGlobe Esm H200

Google Chrome’s Latest Update Has a Security Fix You Should Install ASAP

Google Chrome users on Windows, Mac, and Linux need to install the latest update to the browser to protect themselves from a serious security vulnerability that hackers are actively exploiting.

Brittany Day
Sep 14, 2022

Ubuntu Linux 18.04 systemd Security Patch Breaks DNS in Microsoft Azure

Microsoft Azure customers running Canonical's Ubuntu 18.04 (aka Bionic Beaver) in the cloud have seen their applications fail after a flawed security update to systemd broke DNS queries.

Brittany Day
Sep 01, 2022

8-Year-Old Linux Kernel Bug ‘No Pipe but as Nasty as Dirty Pipe’ Found

Researchers have revealed details about a long-standing security vulnerability that has been active in the Linux kernel for over eight years. The cybersecurity analysts from Northwestern University (Zhenpeng Lin, Yuhang Wu, and Xinyu Xing) described it as:- “As Nasty As Dirty Pipe”.

Brittany Day
Aug 26, 2022

New Linux Exploit ‘Dirty Cred’ Revealed at Black Hat

A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference.

Brittany Day
Aug 18, 2022

Ubuntu 22.04 LTS and 20.04 LTS: Canonical Releases Kernel Security Updates

British Linux distributor Canonical is releasing security updates to the Linux kernel for Ubuntu 22.04 LTS (“Jammy Jellyfish”) and Ubuntu 20.04 LTS (“Focal Fossa”), patching vulnerabilities in its operating systems. The vulnerabilities fixed could lead to a Denial of Service (DOS) lead.

Brittany Day
Aug 15, 2022

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Brittany Day
Aug 11, 2022

LibreOffice Security Update Fixes Macro Execution Bypass and Potential Password Leaking

The developers of LibreOffice have released updates for the open source Office suite to patch three security issues.

Brittany Day
Jul 29, 2022

Linux x86 32-bit Is Vulnerable To Retbleed But Don't Expect It To Get Fixed

While relevant Intel and AMD processors have been mitigated for the recent Retbleed security vulnerability affecting older generations of processors, those mitigations currently just work for x86_64 kernels and will not work if running an x86 (32-bit) kernel on affected hardware. But it's unlikely to get fixed unless some passionate individual steps up as the upstream developers and vendors have long since moved on to just caring about x86_64.

Brittany Day
Jul 24, 2022

Linux Lands Fix For A Trivial Lockdown Bypass Bug

Merged yesterday afternoon to the mainline Linux 5.19 Git kernel and set for back-porting is a fix for a new security bug. Oracle made public CVE-2022-21505 on Tuesday as a trivial bypass to the Linux kernel's lockdown mode.

Brittany Day
Jul 21, 2022

Retbleed Fixed in Linux Kernel, Patch Delayed

Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.

Brittany Day
Jul 19, 2022

Torvalds: Linux Kernel Team Has Sorted Retbleed Chip Flaw

Linux kernel developers have addressed the Retbleed speculative execution bug in older Intel and AMD silicon, but the fix wasn't straightforward, so emperor penguin Linus Torvalds has delayed delivery of the next version by a week.

Brittany Day
Jul 19, 2022

Pixel 6 and Galaxy S22 Affected by Major New Linux Kernel Vulnerability

A seemingly major vulnerability has been discovered by security researcher and Northwestern PhD student Zhenpeng Lin, affecting the kernel on the Pixel 6 and 6 Pro and other Android devices running Linux kernel versions based on 5.10 like the Galaxy S22 series. Precise details for how the vulnerability works have not yet been published, but the researcher claims that it can enable arbitrary read and write, privilege escalation, and disable SELinux security protections — in short, this is a biggie.

Brittany Day
Jul 07, 2022

Hacking Linux is Easy with PwnKit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs.

Brittany Day
Jul 05, 2022

Security Vulnerabilities - Page 7.5

How to Keep Your Linux System Safe from Kernel Bugs

Spectre V2: A New Threat to Linux Systems

Native Spectre v2 Exploit Uncovered: Implications & Analysis for Linux Security Practitioners