Security Alerts & News
by Tymoteusz A. Góral

#2029 Eleven-year-old root flaw found and patched in the Linux kernel
Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.

The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.

The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it in a few days.
#2033 Google has demonstrated a successful practical attack against SHA1
#2032 State of cyber security 2017 (PDF)
#2031 UK police arrest suspect behind Mirai malware attacks on Deutsche Telekom
#2030 Released Android malware source code used to run a banking botnet
#2029 Eleven-year-old root flaw found and patched in the Linux kernel
#2028 Serious Cloudflare bug exposed a potpourri of secret customer data