Security News

Linux marketplaces that are based on the Pling platform are impacted by a cross-site scripting vulnerability and potentially exposed to supply chain attacks, according to German cybersecurity consultancy Positive Security. Positive Security co-founder Fabian Bräunlein discovered that all Pling-based marketplaces are impacted by a wormable XSS that potentially opens the door for supply chain attacks.

An unpatched stored cross-site-scripting security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. To boot, the PlingStore application is affected by an unpatched remote code-execution vulnerability, which researchers said can be triggered from any website while the app is running - allowing for drive-by attacks.

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution. The vulnerability stems from the manner the store's product listings page parses HTML or embedded media fields, thereby potentially allowing an attacker to inject malicious JavaScript code that could result in arbitrary code execution.

The mitigations applied to exorcise Spectre, the family of data-leaking processor vulnerabilities, from computers hinders performance enough that disabling protection for the sake of speed may be preferable for some. "Before Spectre mitigations, those system calls hardly slowed down userspace execution at all."

Kernel.org Subject: PC speaker Date: Mon, 14 Jun 2021 23:32:32 -0400 Is it possible to write a kernel module which, when loaded, will blow the PC speaker? The idea was raised about seeing if there was a way to blow the PC speaker by loading a kernel module.

This week, Microsoft's Linux package repositories suffered an hours-long outage, followed by performance issues spanning over a day. Microsoft engineers have acknowledged the issue and are working towards a resolution.

This week, Microsoft's Linux package repositories suffered an hours-long outage, followed by performance issues spanning over a day. Microsoft engineers have acknowledged the issue and are working towards a resolution.

CloudLinux announced UChecker, a free open source tool that scans Linux servers for vulnerable libraries that are outdated and being used by other applications. This provides detailed actionable information regarding which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process.

GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system. The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.

Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. The polkit local privilege escalation bug was publicly disclosed, and a fix was released on June 3, 2021.