#patch

hackaday@xn--y9azesw6bu.xn--y9a3aq

Major Bug Grants Root for All Major Linux Distributions

One of the major reasons behind choosing Linux as an operating system is that it's much more secure than Windows. There are plenty of reasons for this including appropriate user permissions, installing software from trusted sources and, of course, the fact that most software for Linux including the Linux kernel itself is open source which allows anyone to review the code for vulnerabilities. This doesn't mean that Linux is perfectly secure though, as researchers recently found a major bug in most major Linux distributions that allows anyone to run code as the root user.

The exploit is a memory corruption vulnerability in Polkit, a framework that handles the privilege level of various system processes. It specifically impacts the program pkexec. With the proof-of-concept exploit (file download warning) in hand, all an attacker needs to do to escalate themselves to root is to compile the program on the computer and run it as the default user. An example is shown by [Jim MacDonald] on Twitter for those not willing to try this on their own machines.

As bad as this sounds, it seems as though all of the major distributions that this impacts have already released updates that patch the issue, including Debian, Ubuntu, Red Hat, Fedora, openSUSE, and Arch. There is also a temporary workaround that removes read/write permission from the pkexec program so it can't run at all. That being said, it might be best to check that your Linux systems are all up-to-date and that no strangers have been typing random commands into the terminal recently.

#linuxhacks #securityhacks #admin #exploit #linux #patch #pkexec #polkit #root #security #update #vulnerability

anonymiss@despora.de

#Microsoft Calls #Firefox’s #Browser #Workaround “Improper,” Will #Block It

source: https://www.howtogeek.com/768727/microsoft-calls-firefoxs-browser-workaround-improper-will-block-it/

The upcoming Windows Update won’t block you from changing the default browser in #Windows 11. The #patch will force links using the microsoft-edge #protocol to always open in #Edge. These are specific links opened through Windows 11, such as those directly from the taskbar’s search feature. Firefox’s workaround and EdgeDeflector made it so these links would still open in your default browser. Microsoft is about to roll out an update that disables this workaround, calling it “improper” on Mozilla’s part.

#freedom #openSource #software #economy #win11 #windows11 #news

anonymiss@despora.de

#Intel processors Core i-12000: #Copy #protection crashes #games

source: https://news.in-24.com/news/257112.html

More than 50 games do not run properly if you start them on a desktop #PC with a processor from Intel’s Alder Lake-S series such as the Core i9-12900K. The copy protection mechanisms used by the publisher for digital rights management (DRM) are to blame – Intel cites #Denuvo’s software as the most prominent example.

#DRM makes games more expensive, costs electricity and computing power and reduces the gaming experience. It's a no-win #software because it punishes legitimate players.

#gamer #fail #wtf #performance #economy #news #cpu #patch #entertainment

anonymiss@despora.de

Major #Linux #RPM #problem uncovered

Source: https://www.zdnet.com/article/major-linux-rpm-problem-uncovered/

Why? Because RPM had never properly checked revoked certificate key handling. Specifically, as Linux and lead RPM developer Panu Matilainen explained: "Revocation is one of the many unimplemented things in rpm's #OpenPGP support. In other words, you're not seeing a bug as such; it's just not implemented at all, much like expiration is not."

This is a bad #security #vulnerability but with open source you have the chance to find it and better late than never. You can't say this often enough: "Open source can increase your security but someone with experience has to do a #codereview. If no one checked the code then everything is possible" :(

#update #installation #software #opensource #floss #foss #centos #bug #certificate #patch #antipov #suse #redhat #enterprise #signature #fail