Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL. The vulnerabilities assigned CVE-2024-4216 and CVE-2024-4215 affect the tool's cross-site scripting and multi-factor authentication featu...
RHEL (Red Hat Enterprise Linux) and CentOS Linux 7 users have received a new Linux kernel security update fixing several vulnerabilities affecting the Intel graphics drivers.
A seven-year-old Linux local privilege escalation bug has reared its head and finally gotten a fix. Before the fix, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively used Linux distros, including RHEL 8, Fedora 21 or later and Ubuntu 20.04. Patch now!
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. This polkit local privilege escalation bug (tracked as CVE-2021-3560) was publicly disclosed, and a fix was released on June 3, 2021.
Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux, fixing 14 security vulnerabilities, including one zero-day vulnerability exploited in the wild (tracked as CVE-2021-30551). This marks the sixth Chrome zero-day exploited in the wild this year.
Hector Martin, a hacker who is porting Linux to Apple Silicon Macs through Asahi Linux, has discovered a novel covert channel vulnerability on the M1 chip, calling it ‘M1RACLES’ and tracked as CVE-2021-30747. The flaw lies in the design of the chip itself, allowing any two applications running under an OS to covertly exchange data between them without using memory, sockets, files, or any other features that are meant to be used for data exchange. "While this shouldn’t be allowed as it bypasses OS security layers, it is nothing to worry about in practice."
A set of dangerous vulnerabilities has been discovered in the Exim mail server. Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware.
Security researchers have discovered an information disclosure vulnerability in the Linux kernel that can be exploited to leak data, at least on 32-bit Arm devices. A patch for the vulnerability has already been merged in the mainline kernel.
An information disclosure vulnerability in the Linux kernel that exposes stack memory (tracked as CVE-2020-28588) can be exploited to leak data and act as a springboard for further compromise.
Google has released version 90.0.4430.85 of the Chrome browser with seven security fixes, including one for a zero-day vulnerability that was exploited in the wild.
Google security researcher Andy Nguyen has disclosed long-awaited details of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”. Nguyen claims that his findings ultimately led to a safer, more stable kernel.
Linux does, occasionally, raise security concerns. While many users see it as the most secure, robust and versatile OS available, security precautions still have to be taken. Linus Torvalds' recent bug warning is a testament to the importance of taking a proactive, vigilant approach to security.
Cybersecurity researchers have identified two new vulnerabilities in Linux-based OSes that, if successfully exploited, could enable attackers to bypass mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Canonical has released another Linux kernel security update for Ubuntu to address six vulnerabilities affecting the Linux 5.8 and 5.4 kernels of several Ubuntu releases. Update ASAP to prevent DoS, information leakage and other security threats.
Researchers have discovered three vulnerabilities capable of granting attackers root privileges on Linux systems if they are able to gain access through other methods. These bugs, which affect the iSCSI kernel subsystem, have existed for more than 15 years.
CentOS Linux 7 and Red Hat Enterprise Linux (RHEL) 7 are vulnerable to over a dozen kernel bugs. Red Hat has issued an important security update mitigating these flaws - patch now!
Canonical has published new Linux kernel security updates for all of its supported Ubuntu OS releases addressing up to six security vulnerabilities affecting all supported kernels. Patch now!
Maliciously constructed Wireshark packet capture files might be used to distribute malware, provided recipients can be tricked into double-clicking file URL fields. A CVE has been assigned to the security issue (now resolved through a recent update) due to its potential for harm, despite the fact that some social engineering trickery is required.
Three privilege escalation vulnerabilities that have managed to avoid detection since 2006 have been discovered in the Linux kernel. All three have been patched - update now!