Millions of Linux users are at risk of password compromise as critical new vulnerabilities have been confirmed.
are a much rarer occurrence. As news of not one, but two, such Linux vulnerabilities breaks, millions of users are advised that their passwords and encryption keys could be at risk of compromise. Here’s what you need to know and do.
When security experts from a renowned threat research unit discover not one, but two, critical local information disclosure vulnerabilities impacting millions of Linux users, it would be an understatement to say that this is a cause for concern. When those same security researchers develop proof of concepts for both vulnerabilities, across a handful of Linux operating systems, the concern level goes through the roof.

The vulnerabilities, impacting the Ubuntu core-dump handler known as Apport, and Red Hat Enterprise Linux 9 and 10, plus Fedora, with the systemd-coredump handler, are both of the race-condition variety. Put simply, this is where event timing can cause errors or behaviours that are unexpected at best, critically dangerous at worst. The vulnerabilities uncovered by the Qualys threat research unit fall into the latter category. They could “allow a local attacker to exploit a Set-User-ID program and gain read access to the resulting core dump.”

Because both impacted tools are designed to deal with crash reporting, they are well-known targets for attackers looking to exploit vulnerabilities to access the data contained within those core dumps. Abbasi conceded that there are plenty of modern mitigations against such risk, including systems that direct core dumps to secure locations, for example, but “systems running outdated or unpatched versions remain prime targets,” for the newly disclosed vulnerabilities.

Abbasi went on to warn that the successful exploitation of these Linux vulnerabilities could lead to the extraction of “sensitive data, like, encryption keys, or customer information from core dumps.” All users are urged to mitigate that risk by prioritizing patching and increasing access controls.

Abbasi said that when it comes to the Apport vulnerability, Ubuntu 24.04 is affected, including all versions of Apport up to 2.33.0 and every Ubuntu release since 16.04. For the systemd-coredump vulnerability, meanwhile, Abbasi warned that Fedora 40/41, Red Hat Enterprise Linux 9, and the recently released RHEL 10 are vulnerable.
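A quick way for an administrator to see whether a host routes core dumps to either handler named above, as an added example that is not from the article or from Qualys. It assumes the standard Linux settings `kernel.core_pattern` and `fs.suid_dumpable`, which the article does not name; the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example: triage a host's core-dump configuration.
# Constructed sample core_pattern values, modelled on typical distro defaults:
#   |/usr/share/apport/apport -p%p -s%s -c%c -- %E
#   |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h

# core_handler <core_pattern>: name the handler that receives core dumps.
# A leading "|" means the kernel pipes the dump to a user-space program.
core_handler() {
    case "$1" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo file ;;
    esac
}

# exposure <core_pattern> <suid_dumpable>: triage result for this host.
#   other-handler        dumps do not go to Apport or systemd-coredump
#   suid-dumps-disabled  fs.suid_dumpable=0, so SUID programs never dump core
#   review-patch-level   SUID dumps reach an affected handler; confirm the
#                        vendor's fixed package is installed
exposure() {
    case "$(core_handler "$1")" in
        apport|systemd-coredump)
            if [ "$2" = "0" ]; then
                echo suid-dumps-disabled
            else
                echo review-patch-level
            fi ;;
        *)
            echo other-handler ;;
    esac
}

# Read the live values; fall back to neutral ones where /proc is unavailable.
pattern=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo core)
dumpable=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo unknown)
echo "handler=$(core_handler "$pattern") suid_dumpable=$dumpable result=$(exposure "$pattern" "$dumpable")"
```

A `review-patch-level` result only says the configuration matches the scenario described; whether the installed Apport or systemd package carries the fix has to be confirmed against the distribution's own advisory, since distributions often backport fixes without changing the upstream version number.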
