-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Feb 17, 2023
> Security updates have been issued by Debian (firefox-esr), Fedora (community-mysql, edk2, firefox, and git), Slackware (curl and git), SUSE (apache2-mod_security2, aws-efs-utils, bind, curl, git, ImageMagick, java-11-openjdk, java-17-openjdk, java-1_8_0-openjdk, kernel, libksba, and mozilla-nss), and Ubuntu (golang-golang-x-text, golang-x-text, linux-aws, linux-aws-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-intel-iotg, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-oracle-5.4, linux-gke, linux-gke-5.15, nss, and xorg-server, xorg-server-hwe-16.04).
> The City of Oakland, California, has declared a state of emergency after a ransomware attack on Feb. 8 knocked some of its information technology systems offline.
> The Stanford Information Security Office sent out a community alert Saturday warning students against opening a fraudulent email about alleged honor code violations.
> I discovered a logic bug in the readline dependency partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow attackers to move laterally on a box where sshd is running, a given user is able to login, and the user’s private key is stored in a known location (/home/user/.ssh/id_rsa).
> This bug was reported and patched back in February 2022, and chfn isn’t typically provided by util-linux anyway, so your boxen are probably fine. I’m writing about this because the exploit is amusing, as it’s made possible due to a happy coincidence of the readline configuration file parsing functions marrying up well to the format of SSH keys—explained further in this post.
> Electric automaker Tesla on Thursday announced it is recalling more than 362,000 vehicles due to their full self-driving software's potential crash risk, adding to the woes of billionaire CEO Elon Musk, whose recently acquired Twitter is beset by operational and financial troubles.
> Citrix this week announced patches for severe vulnerabilities in Virtual Apps and Desktops, as well as in Workspace apps for Windows and Linux.
> Tracked as CVE-2023-24483, the Virtual Apps and Desktops vulnerability is described as a privilege escalation issue that allows an attacker with access to a Windows VDA as a standard Windows user to elevate privileges to System.
> Inside the beating heart of many students and a large number of learners lies an inner cheat.� To get passing grades, every effort will be made to do the least to achieve the most. Efforts to subvert the central class examination are the stuff of legend: discreetly written notes on […]
-- Response ended
-- Page fetched on Sat Jun 1 08:23:20 2024