Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jan 30, 2025


Scoop News Group ☛ National security risks in routers, modems targeted in bipartisan Senate bill

=> ↺ National security risks in routers, modems targeted in bipartisan Senate bill

A separate piece of bipartisan Senate legislation would create a cyber insurance working group.

Security Week ☛ SonicWall Confirms Exploitation of New SMA Zero-Day

=> ↺ SonicWall Confirms Exploitation of New SMA Zero-Day

SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild.

Security Week ☛ ENGlobal Says Personal Information Accessed in Ransomware Attack

=> ↺ ENGlobal Says Personal Information Accessed in Ransomware Attack

ENGlobal has informed the SEC that personal information was compromised in a November 2024 ransomware attack.

Security Week ☛ VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

=> ↺ VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access.

LWN ☛ A look at the recent rsync vulnerability

=> ↺ A look at the recent rsync vulnerability

On January 14, Nick Tait announced the discovery of six vulnerabilities in rsync, the popular file-synchronization tool. While software vulnerabilities are not uncommon, the most serious one he announced allows for remote code execution on servers that run rsyncd — and possibly other configurations. The bug itself is fairly simple, but this event provides a nice opportunity to dig into it, show why it is so serious, and consider ways the open-source community can prevent such mistakes in the future.
The vulnerabilities were found by two groups of researchers: Simon Scannell, Pedro Gallegos, and Jasiel Spelman from Google's Cloud Vulnerability Research identified five of them, including the most serious one. Aleksei Gorban, a security researcher at TikTok, discovered the sixth — a race condition in how rsync handles symbolic links.
