Latest Patches, GNU Guix Vulnerability, and Linux Security Enhancements

Published on Tux Machines (http://www.tuxmachines.org)

Home > content > Security: Latest Patches, GNU Guix Vulnerability, and Linux Security Enhancements

Security: Latest Patches, GNU Guix Vulnerability, and Linux Security Enhancements

By Roy Schestowitz Created 09/02/2021 - 7:45pm Submitted by Roy Schestowitz on Tuesday 9th of February 2021 07:45:51 PM Filed under Security [1]

Security updates for Tuesday [LWN.net] [2]

Security updates have been issued by CentOS (flatpak), Debian (connman, golang-1.11, and openjpeg2), Fedora (pngcheck), Mageia (php, phppgadmin, and wpa_supplicant), openSUSE (privoxy), Oracle (flatpak and kernel), Red Hat (qemu-kvm-rhev), SUSE (kernel, python- urllib3, and python3), and Ubuntu (firefox).

Risk of local privilege escalation via setuid programs ? 2021 ? Blog ? GNU Guix[3]

On Guix System, setuid programs were, until now, installed as setuid-root and setgid-root (in the /run/setuid-programs directory). However, most of these programs are meant to run as setuid-root, but not setgid-root. Thus, this setting posed a risk of local privilege escalation (users of Guix on a ?foreign distro? are unaffected).

security things in Linux v5.8 [4]

Linux v5.8 was released in August, 2020. Here?s my summary of various security things that caught my attention... Cook: security things in Linux v5.8 [5]

Kees Cook catches up with the security-related changes in the 5.8 kernel release.

Security

Source URL: http://www.tuxmachines.org/node/147465

Links: [1] http://www.tuxmachines.org/taxonomy/term/59 [2] https://lwn.net/Articles/845504/rss [3] https://guix.gnu.org/blog/2021/risk-of-local-privilege-escalation-via-setuid-programs/ [4] https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/ [5] https://lwn.net/Articles/845469/rss