Mandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.

Mandriva Linux Security Advisory 2015-214 - The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs.

Mandriva Linux Security Advisory 2015-215 - The t1utils package has been updated to version 1.39, which fixes a buffer overrun, infinite loop, and stack overflow in t1disasm.

Mandriva Linux Security Advisory 2015-216 - Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting attacks against users of the web interface.

Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues.

Mandriva Linux Security Advisory 2015-218 - Multiple vulnerabilities have been found and corrected in glibc. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Various other issues were also addressed. The updated packages provides a solution for these security issues.

Mandriva Linux Security Advisory 2015-220 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

Mandriva Linux Security Advisory 2015-221 - Multiple vulnerabilities have been found and corrected in clamav. The updated packages provides a solution for these security issues.

Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue.

Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.

Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

Mandriva Linux Security Advisory 2015-227 - This update provides MariaDB 5.5.43, which fixes several security issues and other bugs.

Mandriva Linux Security Advisory 2015-228 - It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

Mandriva Linux Security Advisory 2015-229 - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code.

Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

Mandriva Linux Security Advisory 2015-231 - Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Mandriva Linux Security Advisory 2015-232 - A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

ZFS gets more accessible, security becomes a bigger priority, and Ubuntu speeds up overall.

There's a lot for TreeHuggers to love about the little operating system.

Политехнический университет Виргинии предложил для обсуждения разработчиками ядра Linux набор патчей с реализацией системы распределённого выполнения потоков Popcorn (Distributed Thread Execution), позволяющей организовать выполнение приложений на нескольких компьютерах с распределением и прозрачной миграцией потоков между хостами. При помощи Popcorn приложения могут быть запущены на одном хосте, после чего без остановки работы перемещены на другой хост. В многопоточных программах допускается миграция на другие хосты отдельных потоков.

#263 — April 22, 2020 Read on the Web StatusCode Weekly Covering the week's news in software development, ops, platforms, and tooling. The Devastating Decline of a Brilliant Young Coder — This is not a technical article but is an important one nonetheless. Lee Holloway essentially programmed Cloudflare into being. But then he became distant and unpredictable, and what happened to him is something that could affect any of us ???? Sandra Upson (WIRED) How io_uring and eBPF Will Revolutionize Programming in Linux — Even more exciting times are coming for development on Linux thanks to these technologies. A good overview. Glauber Costa Slow CI Build? Get a 41:1 ROI by Switching to Semaphore — For every $1 invested in Semaphore, engineers gain $41 in reclaimed productivity. Who said money can’t buy you time? Semaphore 2.0 sponsor ▶  Mob Programming and the Power of Flow — I enjoyed this insightful walk through the idea of bringing people together and attempting to develop things in an efficient way with numerous people around the same machine (a.k.a. ‘mob’ programming). It’s not for everyone, but it’s neat to see how it can work. Woody Zuill Cloudflare Workers Now Supports.. COBOL — COBOL is one of the earliest things you could really call a programming language (it first appeared in 1959!) and is often a source of amusement because it’s seen as old, verbose, clunky, and difficult to maintain. Nonetheless, it’s still in use (particularly in legacy systems) and you can use with Cloudflare Workers too! John Graham-Cumming Quick bytes: AWS's new Africa (Cape Town) region is now open. The .org TLD selloff has hit yet another snag after an intervention by California's attorney general. AWS has a whole bunch of live, online talks taking place over the next week covering a variety of their services. The very, very, very last release of Python 2 — 2.7.18 — has been released. Long live Python 3. Node.js 14.0 is out. The 2019 survey results from both the Go community and Rust community are fresh out. Ubuntu 20.04 LTS is due out tomorrow. We'll feature it next week but this is a big release as LTS releases only come along every two years. Google's data centers are becoming carbon-intelligent. They work harder when the sun is shining and the wind is blowing. ???? Jobs DevOps Engineer at X-Team (Remote) — Join the most energizing community for developers. Work from anywhere with the world's leading brands. X-Team Find a Job Through Vettery — Vettery specializes in tech roles and is completely free for job seekers. Create a profile to get started. Vettery ???? Stories and Opinions How 'Memories', a 256 Byte Demo, Was Coded — You can watch the demo here or enjoy learning just how these unusual developers cram so much into so little space. HellMood/DESiRE The Computer Scientist Who Can’t Stop Telling Stories — For pioneering computer scientist Donald Knuth, good coding is synonymous with beautiful expression. Quanta Magazine ▶  Discussing NGINX and Service Meshes with Alan Murphy — I enjoyed this SE Daily episode last week and learnt a fair bit. Software Engineering Daily podcast End-to-End Observability for Microservice Environments — Optimize service costs and reduce MTTR with full data correlation, payload visibility and automated tracing. Try free. Epsagon sponsor ▶  Performance Profiling for Web Applications — An overview of how to use Chrome DevTools to understand a Web application’s performance bottlenecks. Sam Saccone Are Object Stores Starting to Look Like Databases? — A bit, yes. Alex Woodie (Datanami) The Case Against CS Master’s Degrees Oz Onay Why I Stopped Using Microservices Robin Wieruch ???? Tutorials Ask HN: I'm A Software Engineer Going Blind, How Should I Prepare? — This is something I hope none of you have to go through, but we’ve linked to other stories about being a blind coder in the past, and some form of sight loss will affect many of us over the years. Hacker News Writing an 'Emulator' in JavaScript (and Interfacing with Multiple UIs) — Tania built a Chip-8 interpreter in JavaScript and has gone into quite a bit of detail about what was involved here. Lots of neat bits and pieces to pick up from this. Tania Rascia What It Took to Build a Serverless App That Texts Positive COVID-19 News — Code, a screencast tour, and an article looking at what it took to build a simple serverless app using C#, Azure Functions, and Twilio to text news alerts (but only ones with positive sentiments!) Gwyneth Pena S. If You Use grep On Text Files, Use the -a (--text) Option — I could explain why but then you wouldn’t need to read this. Makes a good point. Chris Siebenmann Event-Reduce: An Algorithm to Optimize Frequently Running Queries? — In brief, the idea is that rather than having to re-run queries when data changes on a table, you can basically merge in changes to previous query results. Be sure to check the FAQs. Daniel Meyer Embedding Binary Objects in C Ted Unangst ???? Code and Tools Desed: A Debugger for sed — Demystify and debug your sed (the text processor that comes with nearly every Unix) scripts, from the comfort of your terminal. Step through line by line, place breakpoints, etc. SoptikHa2 Falcon: An Open-Source, Cross Platform SQL Client — Built around Electron and React, this basic client can quickly do chart visualizations of query results and can connect to RedShift, MySQL, PostgreSQL, IBM DB2, Impala, MS SQL, Oracle, SQLite and more. Plotly The SaaS CTO Security Checklist Sqreen sponsor Termible: Offer Terminal Apps in the Browser Without Installation — This is a commercial service but I find the idea intriguing. You provide a Dockerfile, embed some code on your site, and let people play with your product/service “live”. HTTPie seems to use it for its live examples. Termible X410: An X Server for Windows 10 — If you’re using WSL (Windows Subsystem for Linux) to run Linux behind the scenes of a Windows 10 install, X410 takes things to another graphical level. Choung Networks 60 Linux Networking Commands and Scripts — “I decided to create a network tools go-to-list for myself. Then, I thought, why not turn the list into a blog post?” Hayden James Brök: A Tool to Find Broken Links in Text Documents — Built in Haskell. Mark Wales xsv: A Fast CSV Command Line Toolkit Written in Rust. — Another ‘Swiss Army knife’ for your slightly structured data. Andrew Gallant

We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.

The post Grouping Linux IoT Malware Samples With Trend Micro ELF Hash appeared first on .

Over All Risk Rating : Low


IoT malware uses two different encryption routines for its strings and modified the magic number of UPX.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system.

Read More

Over All Risk Rating : Low


This backdoor is seen propagating via CVE-2018-18636, a cross-site scripting vulnerability affecting the wireless router D-Link DSL-2640T. This malware is capable of receiving commands to flood other systems.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system.

Read More

Over All Risk Rating : Low


This rootkit is used by Skidmap - a Linux malware - to hide its cryptocurrency-mining abilities.

This Rootkit arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Read More

Over All Risk Rating : Low


This new version of KERBERDS, a known crypto-mining malware that uses an ld.so.preload-based rootkit for stealth, was seen propagating by telnet bruteforce attacks.

This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It uses the system's central processing unit (CPU) and/or graphical processing unit (GPU) resources to mine cryptocurrency.

Read More

Over All Risk Rating : Low


IoT malware uses two different encryption routines for its strings and modified the magic number of UPX.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system.

Read More

Over All Risk Rating : Low


This backdoor is seen propagating via CVE-2018-18636, a cross-site scripting vulnerability affecting the wireless router D-Link DSL-2640T. This malware is capable of receiving commands to flood other systems.

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes commands from a remote malicious user, effectively compromising the affected system.

Read More

Over All Risk Rating : Low


This rootkit is used by Skidmap - a Linux malware - to hide its cryptocurrency-mining abilities.

This Rootkit arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Read More

Over All Risk Rating : Low


This new version of KERBERDS, a known crypto-mining malware that uses an ld.so.preload-based rootkit for stealth, was seen propagating by telnet bruteforce attacks.

This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It uses the system's central processing unit (CPU) and/or graphical processing unit (GPU) resources to mine cryptocurrency.

Read More

The bug bounty programme is part of a three-month research challenge that runs from June 1 until August 31

RSS readers for linux allow users to view information contained in rss feeds in a specific location in an intuitive way.

RSS Readers for Linux

unrelated important thing first: I am blogging on my own website too, you can read my very first public entry in there!
I will keep posting here less web-centric related issues, or mostly rants, and will post there interesting stuff about HTML5, JavaScript, client/server and Mobile Web development ... now, back to the topic ...

archibold and my Dell XPS Developer Edition

So they changed my motherboard today, it suddenly stopped recognizing the Hard Drive, and even trying other drives didn't work at all.
Kudos to Dell for their assistance: the day after a person with already all necessary pieces arrived at my door and substituted the Motherboard with a very quiet and professional attitude.
... when I've asked assistance for a Lenovo Yoga Pro 3 they never even come back ...

If you've never heard about archibold, it's an installer which aim is to simplify ArchLinux and, optionally, GNOME configuration. Since I already backed up my Dell, and even if it was working like a charm, I've decided to erase it and see if I could make it work via UEFI.
Apparently this BIOS could be quite problematic and while efibootmgr seems to work without problems, it actually doesn't: it puts the EFI label into the list of Legacy boot-able devices so it won't work!

Not only the boot manager

If you have tried my installer before, I suggested to use UEFI=NO and enable Legacy mode on the bios. This was because not only I couldn't figure out how to install via UEFI, but I was using genfstab generated /etc/fstab during the installation and it was storing wrong UUIDs.

Finally Managed to install with UEFI boot!

The TL;DR story is that if you have an EFI partition created through gparted, and you have Syslinux on it, you should go in the part of the bios where you can add UEFI partitions manually, selecting syslinux/syslinux.efi file to boot from.
Full Article