Is it safe to store database credentials as plain text in the configuration file?

Some services, like ejabberd, nginx when authenticating against a database, and dovecot, require providing the database password as plain text in the configuration file. Is it safe to store the MariaDB password as plain text provided that processe…

Debian’s security tracker says a CVE is fixed, while BlackDuck scanner detects it

I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of the container images I build.
Debian’s security tracker states it’s fixed: https://security-tracker.debian.org/tracker/CVE-2023-25139 – specifical…

Risk of spyware with proprietary firmware packages on Linux, even after removing them?

When I installed Debian 12 LXQt ISO with the graphical install, it installed many proprietary firmware packages that were not needed and without my consent.
Is it possible that proprietary firmware included in Debian default installation c…

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates …

GNOME users at risk of RCE attack (CVE-2023-43641)

If you’re running GNOME on your Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered b…

Red Hat, Ubuntu, Debian, and Gentoo Release Patches for ‘Looney Tunables’ Linux Vulnerability

Thursday ZDNet reported…

As security holes go, CVE-2023-4911, aka “Looney Tunables,” isn’t horrid. It has a Common Vulnerability Scoring System score of 7.8, which is ranked as important, not critical.

On the other hand, this GNU C Library’s (glib…

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables…