The central voice for Linux and Open Source security news.


OpenBSD releases Meltdown patch

Fri, 23 Feb 2018 10:35:52 +0000 OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's - pretty much the same approach as was taken in the Linux kernel.

Drupal patches critical CMS vulnerabilities

Fri, 23 Feb 2018 10:33:33 +0000 Drupal has patched multiple vulnerabilities in the CMS platform, some of which are deemed critical.

Hackers are selling legitimate code-signing certificates to evade malware detection

Thu, 22 Feb 2018 11:41:10 +0000 Security researchers have found that hackers are increasingly using code-signing certificates to make it easier to bypass security appliances and infect their victims.

Australian government still pushing decryption magic bullet

Thu, 22 Feb 2018 11:40:21 +0000 Minister for Home Affairs Peter Dutton has reignited the Coalition's push to access encrypted communications, touting decryption as fundamental in fighting terrorism, ahead of the Australia-ASEAN Special Summit next month.

Chroot: the magical healing powers of the original Linux virtualization tool

Wed, 21 Feb 2018 13:03:39 +0000 You know that the passwords chosen by the people you support are probably not strong enough to protect your infrastructure against a serious attack. And even the few exceptions to the rule are probably being reused on multiple servers and accounts. You beg and nag, but it's a losing battle.

uTorrent vulnerabilities allow information disclosure and remote code execution

Wed, 21 Feb 2018 13:01:41 +0000 A BitTorrent client with more than 100 million users suffered numerous critical vulnerabilities including remote code execution and copying downloaded files, according to new information from Google's Project Zero. Users were left exposed for several hours on Tuesday when the bug was public and a new security patch didn't quite work.

Debian LTS: DLA-1293-1: imagemagick security update

Sun, 25 Feb 2018 09:29:00 +0000 It was discovered that there was a remote denial of service vulnerability in the imagemagick graphics library via a specially-crafted TIFF file.

Debian LTS: DLA-1291-1: tzdata new upstream version

Sat, 24 Feb 2018 19:45:00 +0000 This update includes the changes in tzdata 2018c. Notable changes are: - S