jbzfn, to linux

🐧 From ZDNET:

「 The vulnerability was introduced in April 2021 with the release of glibc 2.34. The flaw is a buffer overflow weakness in the glibc's ld.so dynamic loader, a crucial component responsible for preparing and executing programs on Linux systems. The vulnerability is triggered when processing the GLIBC_TUNABLES environment variable, making it a significant threat to system integrity and security 」

https://www.zdnet.com/article/patch-now-this-serious-linux-vulnerability-affects-nearly-all-distributions/

#Linux #Infosec #Exploits #glibc

dec_hl, to random

So far we had #glibc and #curl with major security problems this month. Let's see what else #spooktober has up its sleeve... 🥴

termux, to random

Did you know that you can install packages on now? Thanks to maintainer Maxython https://github.com/maxython you may now install pacman and install glibc apps from the gpkg repo!

Theeo123, to linux

https://www.bleepingcomputer.com/news/security/new-looney-tunables-linux-bug-gives-root-on-major-distros/

Via: Bleeping Computer.

There is a new vulnerability affecting Linux users. Specifically, "Looney Tunables" affects Glibc and is vulnerable to LOCAL attacks only. Patches are already rolling out.

#Linux #Vulnerability #Glibc #Security

rockylinux, to random

This week’s news about the "Looney Tunes flaw" highlighted a condition which can allow a local user to access root privileges from the command line. Part of the RL Security team's task is to have mitigation strategies ready for such cases - reporting vulnerabilities and suggesting fixes upstream, and also writing our own extra packages.

This week, the Security SIG has published our extra packages and formalized a wiki: https://rockylinux.org/news/security-sig-update/


techbites, to linux

A severe vulnerability, CVE-2023-4911, has been discovered in the GNU C Library (glibc), affecting various Linux distributions, including Fedora, Ubuntu, Debian, Red Hat Enterprise Linux (RHEL), and Red Hat Virtualization. The vulnerability allows a local attacker to elevate limited local privileges to full root when launching binaries with SUID permission. While it has been fixed in upstream glibc, many downstream systems require updates to address the issue. Cybersecurity firm Qualys, which identified the vulnerability, warns that it poses a significant threat due to its ubiquity in Linux environments and ease of exploitation.

Detailed Advisory: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

#Linux #vulnerability #Security #Ubuntu #Fedora #Redhat #Glibc #Qualys #Privacy #CVE #RHEL #TechBites #Tech

bortzmeyer, to random French

Well, yet another security flaw where we're all going to die (but after the calvados). https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

#glibc

rq, to random

Tired of "works on my machine"? Just ship the whole machine. Meet Docker, the best way to distribute a 10 MiB binary and 2 GiB runtime environment.

kkarhan,

@rq yeah, the is the problem.

If wasn't a piece of shit that knowingly and willingly bricks all the time would neither have a right to exist nor legitimate reason to be used.

I hope will migrate to sooner than later...

kkarhan,

@etam @rq the point is that #Docker only exists because #Glibc bricks the #Userland all the time.

Were this not the case we'd have either #Juju or just basic scripts (see #Zulip's Installer) that does setup all the stuff...

Docker is just an ugly workaround re: #Linux using that shit, and the sad part is that it's a legitimate issue, otherwise it would not exist to begin with!!!

fsf, to emacs

Assigning your copyright to the FSF helps defend the GPL and keep software free. Thanks to Gene Goykhman, Sergey Alexandrovich Bugaev, Wang Diancheng, Warren Thomas Everett Wilkinson, and Xinyuan Zhang for assigning their copyright to the FSF! #GNU #Emacs #glibc #GDB #GNUstep #GNUHurd #GNUMach #GCC Learn more at https://u.fsf.org/3ht #CopyrightAssignments

fsf, to emacs

GNU Spotlight with Amin Bandali: Seventeen new GNU releases in the last month including , , , , , , "LinuxLibre , and more. Full details: https://u.fsf.org/40h Big thanks to @bandali0 @bandali, all the devs, and other contributors!

kkarhan, (edited ) to linux

YOS!

6.4.12 (with networking support!) + 0.8.10 in 980k using -cross-i686

This is awesome...

Seems like I can fit as client on the 3,5" as well...

I guess it would've been possible to make for a as well... ?


https://github.com/OS-1337/OS1337/commit/d4a59245953bd7529ee8a3c178841b6114cd7881

kkarhan,

especially since "#Glibc breaking shit" really pisses off folks and #musl being a much slimmer and sleeker alternative to it that doesn't constantly brick code with minor updates...

https://github.com/landley/toybox/issues/450

bugaevc, to random

#glibc 2.38 is out 🎉

Among other things like strlcpy & strlcat (I know, right?), it includes many fixes and improvements in the #Hurd port, and a brand new x86_64-gnu (aka 64-bit Hurd) port!

https://sourceware.org/pipermail/libc-alpha/2023-July/150524.html

Yet some of my proposed patch sets didn't make it into 2.38, so expect more in 2.39 😉

viel_zu_negativ, to random German

I still read along on X via nitter.net for a few selected accounts, and by now I'm regularly irritated by such self-evident things that they don't have there, e.g. >400 characters and an edit button.

These self-replies that are needed to correct a word or a single letter, really, really awful.
And then you know that they don't even see the posts from people they follow if the algorithm decides otherwise.

kkarhan,

@viel_zu_negativ ...the biggest pain points are rather the and other - junk which consistently bricks natives with the most minimal updates, which is why I hope that gets switched to or other #c-libs.

Otherwise works quite well - it would of course need some polish, cf. / -integration in .

Otherwise , & Co. should already be better served under , because unlike it doesn't brick every six months.

gamingonlinux, to random

What is an actually controversial Linux opinion you hold?

kkarhan,

@gamingonlinux

Just one?

#Glibc is the major preventer of #Linux becoming the norm since #GNU literally bricks shit with minor updates, and the #FSF outright ignores the fact that #CCSS exists and not everything is #FLOSS and that people should not have to recompile their stuff!

Otherwise everything that has been touched or associated with #RMS / #Stallman is tainted and him being reinstated will continue to damage #FreeSoftware for years to come.

kkarhan,

@bitpirate @gamingonlinux

I'm solely talking about the #Userland and said #API|s & #ABI|s.

Not #drivers or anything low-level but just something as trivial as #Games.

There are a shitton of #native #Linux games that get bricked due to minor versions of #glibc bricking shit on a whim because they don't give any f**ks!

kkarhan,

@bitpirate @gamingonlinux I mean don't get me wrong, it really shines in compatibility as @fuchsiii has shown me several times: Even ancient #Windows games will run better than under Windows...

But personally I think that #Proton / #Wine / #DXVK should be transitional mechanisms and not be turned into a perpetual crutch...

Not that I dislike it per-se but #glibc is the reason most #CCSS (incl. #Games) doesn't get #native|ly-running #ports!

thelinuxcast, to random

So back on Firefox.

Did an update and got this in @Vivaldi

Your updates can't break things completely. Especially not on the stable branch.

kkarhan,

@fuchsiii @thelinuxcast @Vivaldi yeah, #glibc makes long-term support outside of #LTS distros like #RHEL, #SLES / #SLED, #OracleLinux and #Ubuntu LTS basically impossible unless one is a hardcore #Stallmanist and hates everything not #GPL-licensed and would rather want to see #Users suffer than accept that #CCSS is as valid to exist as #FLOSS...

yura, to random

@torvalds be like:

kkarhan,

@lunaa @yura @torvalds I know...

There's a reason Distros like #AlpineLinux, #ChimeraLinux and almost all #embedded systems using #Busybox or #Toybox want to get rid of #glibc if not replace it with something like #uClinux, #musl, or another #libc...

Because glibc bricking stuff with minor updates kills any #CCSS and any non-#FLOSS that can't be recompiled.

And what RMS et al. may see as intentional, I think is the biggest issue that prevents #Linux from dominating #Desktop|s!

kkarhan,

@lunaa @yura @torvalds because as much as we all want our favorite #FLOSS to run first, there will always be some #CCSS that can't be replaced.

That's why #Proton (#Wine + #DXVK) are seen as "necessary" (not even evil at all) mechanisms so people can even do basic #Gaming on #Linux, because #glibc prevents people from playing old #native Linux games that ain't FLOSS'd!

TheEvilSkeleton, to trans
kkarhan,

@TheEvilSkeleton @orowith2os thx for the heads-up.

Sadly that is a common occurrence and the only good option I know of is to yeet assholes away...

One of the reasons why I don't want #GNUtils on #OS1337 is because the #FSF readmitted #RMS with 0 consequences!

https://www.youtube.com/watch?v=R2SKenHRhMg via @ncommander

Also #Glibc bricks shit all the time and "just recompile it" doesn't work for a minimalist #embedded-#Linux distro!
