
Proprietary and Security Issues

Filed under
Microsoft
Security
  • Apple says it will no longer punish those daring to repair their iPhone 13 screens
  • Microsoft patches two actively exploited zero-days in monthly fixes

    "Organisations that run Exchange Server on-premises should apply security updates in a timely manner to prevent future exploitation once proof-of-concept code becomes publicly available."

    Fifteen of the bugs fixed could be used for remote code execution, the company's list of vulnerabilities shows.

    The other actively exploited zero-day was a security feature bypass flaw in Microsoft Excel.

  • Microsoft Releases November 2021 Security Updates | CISA

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Samba Releases Security Updates | CISA

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2021 Security Update Summary and Deployment Information and apply the necessary updates.

  • Citrix Releases Security Updates | CISA

    Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

  • Major security issues found in top Linux program for embedded devices [Ed: BusyBox is BusyBox, not "Linux"]

    Cybersecurity researchers have discovered 14 critical vulnerabilities in BusyBox, marketed as the Swiss Army Knife of embedded Linux.

    BusyBox is one of the most widely used Linux software suites, and many of the world’s leading operational technology (OT) and Internet of Things (IoT) devices run BusyBox.

  • BusyBox security analysis reveals 14 minor vulnerabilities

    Researchers at Claroty and JFrog have published a security audit of BusyBox, a widely used embedded device that offers a set of standard UNIX utilities in a single executable file. During the check, 14 vulnerabilities were identified, which have already been eliminated in the August release of BusyBox 1.34. Almost all problems are harmless and questionable from the point of view of their application in real attacks, since they require running utilities with arguments received from outside.

More on Microsoft

  • Microsoft Patch Tuesday, November 2021 Edition

    Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.


More in Tux Machines

Ubuntu 21.04 (Hirsute Hippo) Reached End of Life, Upgrade to Ubuntu 21.10 Now

Dubbed by Canonical as the “Hirsute Hippo,” Ubuntu 21.04 was released nine months ago, on April 22nd, 2021. It was the first Ubuntu release to use the next-generation Wayland display server by default for its Ubuntu Desktop flavor, which uses a modified version of the GNOME desktop environment. Ubuntu 21.04 didn’t make the plunge into the GNOME 40 desktop environment series due to its redesigned Activities Overview, but it did ship with support for GNOME 40 apps while being built on top of the older GNOME 3.38 desktop environment series.

today's leftovers

  • Supplino is a variable benchtop power supply that you can build yourself | Arduino Blog

    Working with electronics requires access to stable power in a variety of voltages. Some components require 3.3V and others require 5V. Still others need 9V or 12V — there are many possibilities. You could keep a variety of wall warts on hand, but a variable benchtop power supply is a more convenient option. Supplino is one choice and this guide from Giovanni Bernardo and Paolo Loberto will walk you through how to build one. Supplino can accept anything from 4 to 40 volts and can output anything from 1.25 to 36 volts, with a maximum of 5A. An XH-M401 module with an XL4016E1 DC-DC buck converter handles the voltage regulation. Technically, you could use that alone to power your components. But the addition of an Arduino Nano board (or Nano Every) makes the experience far friendlier. It monitors the power supply output and drives a 1.8″ 128×160 TFT LCD screen, which displays the present voltage, amperage, and wattage.

  • Relocating Fedora's RPM database [LWN.net]

    The deadlines for various kinds of Fedora 36 change proposals have mostly passed at this point, which led to something of a flurry of postings to the distribution's devel mailing list over the last month. One of those, for a seemingly fairly innocuous relocation of the RPM database from /var to /usr, came in right at the buzzer for system-wide changes on December 29. There were, of course, other things going on around that time, holidays, vacations, and so forth, so the discussion was relatively muted until recently. Proponents have a number of reasons why they would like to see the move, but there is resistance, as well, that is due, at least in part, to the longstanding "tradition" of the location for the database.

  • CPU Isolation – A practical example – by SUSE Labs (part 5)
  • How to install Mantis bug tracker on Debian 11?

    Hello friends. In this post, you will learn how to install Mantis Bug Tracker on Debian 11.

Server: MongoDB vs. DynamoDB, Mirantis, and More

  • MongoDB vs. DynamoDB: What you need to know

    NoSQL databases have become more popular because of the need for more flexible backend solutions. These databases run applications that require a more flexible data structure than traditional structured databases can provide. Robust feature-rich NoSQL database platforms famous for NoSQL databases include MongoDB and DynamoDB. This article guide will compare these two databases to help you choose the right one for your project.

  • Mirantis brings secure registries to Kubernetes distros | ZDNet

    Mirantis Secure Registry, formerly Docker Trusted Registry, provides an enterprise-grade container registry solution. You can use this as a foundation to build a secure software supply chain. It does this by providing you with access to a container image registry that has enhanced levels of security beyond that of public registries. This, in turn, gives you more control over this critical part of their software supply chain. The comprehensive, built-in security enables users to verify and trust the automated operations and integration with Continuous Integration/Continuous Delivery (CI/CD) pipelines to speed up application testing and delivery. You can use MSR alongside your other apps in any standard Kubernetes 1.20 and above distribution, via standard Helm techniques. While the new MSR is no longer integrated with Mirantis Kubernetes Engine (MKE) as it was earlier, it still runs as well as ever on MKE as it does with any other supported Kubernetes distribution.

  • How North Dakota Is More Like Windows than UNIX

    If your official name is YATES, you can't (and presumably needn't) file a petition to change it to Yates. "Petitioners have offered no authority or reasoned argument that there is any legal significance to the capitalization of their names."

  • The Success of ‘Open-hearted’ Partnerships in the Cloud | SUSE Communities

    The future is open — and it’s better together. At SUSE, we pride ourselves on our partnerships, and sometimes what we can achieve together surpasses even our greatest hopes. That’s what our award-winning, cloud-based, high-performance computing (HPC) partnership with UberCloud, Dassault Systèmes, and Google Cloud achieved, by enabling 3DT Holdings researchers to create an affordable, real-time heart surgery simulator for physicians to use when it matters most. This is an ongoing relationship with the Living Heart Project that we think is just the beginning of what this ground-breaking research can achieve — and the lives it can save.

Programming Leftovers

  • An outdated Python for openSUSE Leap [LWN.net]

    Enterprise distributions are famous for maintaining the same versions of software throughout their, normally five-year-plus, support windows. But many of the projects those distributions are based on have far shorter support periods; part of what the enterprise distributions sell is patching over those mismatches. But openSUSE Leap is not exactly an enterprise distribution, so some users are chafing under the restrictions that come from Leap being based on SUSE Enterprise Linux (SLE). In particular, shipping Python 3.6, which reached its end of life at the end of 2021, is seen as problematic for the upcoming Leap 15.4 release. [...] OpenSUSE and SLE have generally been aligned over the years. In 2020, Leap and SLE grew even closer together. The build system and repositories between the two were shared starting with Leap 15.2, which corresponded to the second "service pack" (SP) of SLE (i.e. SLE 15-SP2). In 2021, with Leap 15.3 and SLE 15-SP3, the two distributions effectively merged, such that all of the base packages were shared between the two. To a first approximation, Leap is an openSUSE-branded version of SLE, much like what CentOS used to be for Red Hat Enterprise Linux.

  • Make Your Python CLI Tools Pop With Rich | Hackaday

    It seems as though more and more of the simple command-line tools and small scripts that used to be bash or small c programs are slowly turning into python programs. Of course, we will just have to wait and see if this ultimately turns out to be a good idea. But in the meantime, next time you’re revamping or writing a new tool, why not spice it up with Rich?
