Major #Linux #RPM #problem uncovered

Source: https://www.zdnet.com/article/major-linux-rpm-problem-uncovered/

Why? Because RPM had never properly checked revoked certificate key handling. Specifically, as Linux and lead RPM developer Panu Matilainen explained: "Revocation is one of the many unimplemented things in rpm's #OpenPGP support. In other words, you're not seeing a bug as such; it's just not implemented at all, much like expiration is not."

This is a bad #security #vulnerability but with open source you have the chance to find it and better late than never. You can't say this often enough: "Open source can increase your security but someone with experience has to do a #codereview. If no one checked the code then everything is possible :(

#update #installation #software #opensource #floss #foss #centos #bug #certificate #patch #antipov #suse #redhat #enterprise #signature #fail

Major Linux RPM problem uncovered | ZDNet

Red Hat has used RPM for software package distribution for decades, but we now know RPM contained a nasty hidden security bug since Day One. It's now been unveiled and a repair patch has been submitted.

Proof-of-concept exploits published for the Microsoft-NSA #crypto #bug

• https://github.com/ollypwn/cve-2020-0601
• https://github.com/kudelskisecurity/chainoffools

#CurveBall #CVE-2020-0601 #microsoft #nsa #https #security #code #exploit #patch #windows

To everyone running a #bitcoin node: #patch your node to avoid double spending #attack:
https://hackernoon.com/bitcoin-core-bug-cve-2018-17144-an-analysis-f80d9d373362

Even weeks after the #vulnerability was closed there are still more than half of the #btc nodes using vulnerable versions (<0.16.3):
https://bitnodes.earn.com/nodes/

surrealist status badge...

#status #badge #surrealism #renemagritte #apple #bowlerhat #hexagon #patch #animatedgif

v0RTEX Anomaly.: Image

v0RTEX Anomaly. (fUSION MKIII)