Aggregator

An anonymous reader shared this report from The Hacker News: Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. "These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump," Saeed Abbasi, manager of product at Qualys TRU, said... Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity in pulling an exploit for the vulnerability, noting that the attacker has to first win the race condition and be in possession of an unprivileged local account... Qualys has also developed proof-of-concept code for both vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process, which is used to verify the validity of a user's password, to obtain password hashes from the /etc/shadow file. Advisories were also issued by Gentoo, Amazon Linux, and Debian, the article points out. (Though "It's worth noting that Debian systems aren't susceptible to CVE-2025-4598 by default, since they don't include any core dump handler unless the systemd-coredump package is manually installed.") Canonical software security engineer Octavio Galland explains the issue on Canonical's blog. "If a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace... In order to successfully carry out the exploit, an attacker must have permissions to create user, mount and pid namespaces with full capabilities." Canonical's security team has released updates for the apport package for all affected Ubuntu releases... We recommend you upgrade all packages... The unattended-upgrades feature is enabled by default for Ubuntu 16.04 LTS onwards. This service: - Applies new security updates every 24 hours automatically. - If you have this enabled, the patches above will be automatically applied within 24 hours of being available.

Read more of this story at Slashdot.

Pheobe, 17, was last seen on May 15 when James Wood, 34, and Tanika Bromley, 33, gave her a lift to the airport from their ramshackle home in Gin Gin, near Bundaberg, central Queensland .

A picture was posted to Facebook asking if anyone had lost a snake, which had hundreds of comments and some nearby residents even setting out to look for him.

A Colchester doctor’s fitness to practise is not impaired after she was suspended for 12 months due to drawing an “excessive amount” of fluid.

Braintree Council is moving to oppose a controversial £400million incinerator plant and to make decisions on planning applications for it independently.

The street is in a prime location

Set back from a rural New Jersey road, 10 miles from Donald Trump's Bedminster golf course, you'll find an the unassuming bungalow...

CNN is being slammed for downplaying the terror attack in Boulder, Colorado , which saw multiple people set on fire at a pro-Israel rally.

Veronica Garcia of East Valley of Spokane won the 400m by nearly a second at the championships on Saturday. Garcia also helped their school win the 4x100m relay.

Witnesses described the terrifying moment a man hurled Molotov cocktails at a peaceful pro-Israel walk in Boulder's Pearl Street Mall, causing chaos and injuring several people.

It costs just £14 and is both confy and stylish

"The Doctor is dead. Long live the Doctor!" writes Space.com. (Spoilers ahead...) "The era of Ncuti Gatwa's Fifteenth Doctor came to a surprise end on Saturday night, as the Time Lord regenerated at the end of "Doctor Who" season 2 finale... [T]he Doctor gradually realises that not everything is back to normal. Poppy, his daughter with Belinda Chandra in the "Wish World" fantasy, has been erased from history, so the Time Lord decides to sacrifice himself by firing a ton of regeneration energy into the time Vortex to "jolt it one degree" — and hopefully bring her back. It goes without saying that his madcap scheme saves Poppy, as we learn that, in this rewritten timeline, the little girl was always the reason Belinda had been desperate to get back home. But arguably the biggest talking point of the episode — and, indeed, the season — is saved until last, as the Doctor regenerates into a very familiar face... Hint: They played the Doctor's companion, Rose Tyler, "alongside Christopher Eccleston's Ninth Doctor and David Tennant's Tenth Doctor during the phenomenally successful first two seasons of the show's 2005 reboot." Showrunner Russell T Davies called it "an honour and a hoot" to welcome back Billie Piper to the TARDIS, "but quite how and why and who is a story yet to be told. After 62 years, the Doctor's adventures are only just beginning!" Although the show's post-regeneration credits have traditionally featured the line "And introducing [insert name] as the Doctor", here it simply says "And introducing Billie Piper". The omission of "as the Doctor" is unlikely to be accidental, suggesting that Davies is playing a very elaborate game with "Who" fandom... Another mystery! The BBC and Disney+ are yet to confirm if and when "Doctor Who" will return for a third season of its current iteration. "There's no decision until after season two..." Davies told Radio Times in April (as spotted by the Independent). "That's when the decision is — and the decision won't even be made by the people we work with at Disney Plus, it'll be made by someone in a big office somewhere. So literally nothing happening, no decision." "For a new series to be ready for 2026, production would need to get under way relatively soon," writes the BBC. "So at the moment a new series or a special starring Billie Piper before 2027 looks unlikely." The Guardian adds: Concerns have been raised about falling viewing figures, which have struggled to rally since Russell T Davies' return in 2023. Two episodes during this series, which aired in May, got less than 3 million viewers — the lowest since the modern era began airing in 2005. The Independent has this statement from Piper: "It's no secret how much I love this show, and I have always said I would love to return to the Whoniverse as I have some of my best memories there, so to be given the opportunity to step back on that Tardis one more time was just something I couldn't refuse, but who, how, why and when, you'll just have to wait and see."

Read more of this story at Slashdot.

Devin Lee Harjes, a television actor recognized for his roles in Manifest, Boardwalk Empire, and Daredevil, has passed away at the age of 41.

PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more!

Infosec In Brief  Despite last week’s FBI announcement that it helped to take down the crew behind the Lumma infostealer, the malware continues to operate.…

Along with accomplice Jack Whomes, the triple murderer killed Tony Tucker, 38, Pat Tate, 37, and Craig Rolfe, 26, with a pump action shotgun in Rettendon, Essex, in 1995.

Sir Salman Rushdie says 'I'm over it' following the horrific knife attack which has now seen the crook jailed.

People say it gives them 'beach confidence'

Emma Bradley ignored concerns from her family to settle down with Stephen West, 51, and the pair have recently welcomed a baby girl named Eden.

Germany's defence chief has starkly warned that NATO should be prepared for a possible attack by Russia in the next four years. 

Reese Eckard of Sherwood High School and Alexa Anderson of Tigard High School have been praised as heroes on social media after this weekend's state championships in Oregon.