fell, 1 month ago to Matrix
I just learnt about jemalloc in order to fix the memory hunger of Synapse.
So yeah, Python developers will rather hijack the glibc memory allocator than switch to a resource-efficient language.
#jemalloc #Matrix #Synapse #Python #glibc #programming
matthew, 1 month ago to php
This is the fix that I was looking for to mitigate the "PHP" glibc vulnerability in Ubuntu server:
#php #glibc #ubuntu #sysadmin #security
RT: https://shitposter.world/objects/747bb41c-ce2a-4861-aabc-d430ca214ffd
matthew, 1 month ago to sysadmin
Question on the PHP glibc vulnerability:
Does anyone know a blog post or other documentation for how to turn off the character set that allows the vulnerability in Ubuntu and Debian?
Here's a good blog post by Rocky Linux on the subject, but I'm not sure how to translate the instructions to Debian and Ubuntu.
https://rockylinux.org/pt_BR/news/glibc-vulnerability-april-2024/?language=en
#sysadmin #security #php #glibc #debian #ubuntu #rockylinux #linux
ramsey, 1 month ago
@matthew There’s some information on the official @php website that might be helpful: https://www.php.net/archive/2024.php#2024-04-24-1
#PHP #GLibC
mart_w, 1 month ago to php
As fixes for the current #glibc and #php #vulnerability are not reliably available yet, keep in mind that a workaround exists for those of you who don’t need support for the ISO-2022-CN-EXT character set: https://rockylinux.org/news/glibc-vulnerability-april-2024/
This should be quite straightforward to apply on most machines, except those running #NixOS. If you do use NixOS, my solution might help you bridge the gap until the proper fix is upstream: https://git.brokentech.cloud/mart-w/nixos-workaround-cve-2024-2961
Thanks @hexa for pointing me in the right direction!
mergy, 1 month ago to debian
Posted the cobbled-together fix (it seems) for #Debian Linux folks here: https://mergy.org/glibc-vuln-fix-for-debian-for-now/
At least you can see if your distro is similar or not.
#infosec #glibc #glibcvuln #linux #php
andrewfeeney, 1 month ago to php
#PHP and #infosec folks, what do you make of this?
https://youtu.be/kQdRT2odUIk
mergy, 1 month ago
@andrewfeeney Workaround possibly for now >> GLIBC Vulnerability on Servers Serving PHP https://mer.gy/iconvglibcvuln (via Rocky Linux)
"First, let us check if the system has the compromised set, running
iconv -l | grep -E 'CN-?EXT'
If there is no output, the system is safe to this vulnerability."
Else -
Browse to /usr/lib64/gconv/gconv-modules.d
Edit gconv-modules-extra.conf
Go to line 1254 and comment out the following..."
#infosec #glibc #iconvglibc
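A read-only check for the state of the workaround quoted above, as an added example that is not from any of the posts or from Rocky Linux: it wraps the `iconv -l | grep -E 'CN-?EXT'` test and also reports whether a gconv config file still has uncommented ISO-2022-CN-EXT entries. It uses the Rocky Linux path from the post and, as an assumption, the x86_64 Debian/Ubuntu path; it modifies nothing on the host.

```shell
#!/bin/sh
# Added example, not from the posts above. Read-only: reports whether the
# ISO-2022-CN-EXT charset (CVE-2024-2961) is still reachable via iconv and
# whether the gconv config still lists it uncommented.

# Return 0 when a CN-EXT charset name appears in the given `iconv -l`
# style listing, 1 otherwise.
has_cn_ext() {
    printf '%s\n' "$1" | grep -qiE 'CN-?EXT'
}

# Return 0 when FILE still has an uncommented line naming a CN-EXT charset,
# i.e. the "comment it out" workaround has not been applied there.
config_has_active_cn_ext() {
    grep -vE '^[[:space:]]*#' "$1" | grep -qiE 'CN-?EXT'
}

# Live check of this host. $1 optionally overrides the config file path
# (the Debian/Ubuntu path below is an assumption, not taken from the posts).
report_host() {
    if has_cn_ext "$(iconv -l 2>/dev/null)"; then
        echo "iconv: CN-EXT charset still available (update glibc or apply the workaround)"
    else
        echo "iconv: no CN-EXT charset listed"
    fi
    for f in "$1" \
             /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf \
             /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf; do
        [ -n "$f" ] && [ -r "$f" ] || continue
        if config_has_active_cn_ext "$f"; then
            echo "config: active CN-EXT entries in $f"
        else
            echo "config: CN-EXT entries commented out or absent in $f"
        fi
    done
}

# Constructed sample listings, used to show both outcomes offline.
SAMPLE_VULN_LIST="ISO-2022-CN//
ISO-2022-CN-EXT//
UTF-8//"
SAMPLE_CLEAN_LIST="ISO-2022-CN//
UTF-8//"

has_cn_ext "$SAMPLE_VULN_LIST" && echo "sample 1: CN-EXT present"
has_cn_ext "$SAMPLE_CLEAN_LIST" || echo "sample 2: CN-EXT absent"
report_host "${1:-}"
```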
rockylinux, 1 month ago to linux
Regarding the recent glibc vulnerability (CVE-2024-2961) on servers serving PHP content, here's a step-by-step guide to secure your Rocky Linux installation: https://rockylinux.org/news/glibc-vulnerability-april-2024/
#RockyLinux #ELCommunity #Linux #glibc
j3j5, 1 month ago to php
tl;dr: upgrade glibc on your servers!
Summing it up, there's a vulnerability (CVE-2024-2961) in glibc that, apparently, can be used to get RCE on servers running PHP. It's recommended that you update glibc to a patched version.
https://security-tracker.debian.org/tracker/CVE-2024-2961
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-2961
There's an upcoming talk on May 10 where the researcher will explain how it was used to hack PHP servers.
https://www.offensivecon.org/speakers/2024/charles-fol.html
#PHP #glibc #iconv
fsf, 2 months ago to emacs (identical posts also 3 and 4 months ago)
Assigning your copyright to the FSF helps defend the GPL and keep software free. Thanks to Gene Goykhman, Sergey Alexandrovich Bugaev, Wang Diancheng, Warren Thomas Everett Wilkinson, and Xinyuan Zhang for assigning their copyright to the FSF! #GNU #Emacs #glibc #GDB #GNUstep #GNUHurd #GNUMach #GCC
Learn more at https://u.fsf.org/3ht #CopyrightAssignments
linuxmagazine, 4 months ago to ubuntu
Microsoft changes its tune: VS Code will work with #Ubuntu 18.04... for now https://www.linux-magazine.com/Online/News/Microsoft-Says-VS-Code-Will-Work-With-Ubuntu-18.04
#VisualStudio #Linux #Microsoft #VSCode #glibc
0xor0ne, 4 months ago to Cybersecurity
Excellent overview of glibc heap exploitation techniques by @0xricksanchez
https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/
#glibc #cybersecurity
gnutools, 4 months ago to random
The GNU C Library has been authorized by the #CVE Program as a CVE Numbering Authority (#CNA) #GLIBC https://sourceware.org/pipermail/libc-announce/2024/000039.html
itnewsbot, 4 months ago to jenkins
This Week in Security: Glibc, Ivanti, Jenkins, and Runc
There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. ...
https://hackaday.com/2024/02/02/this-week-in-security-glibc-ivanti-jenkins-and-runc/
#thisweekinsecurity #hackadaycolumns #securityhacks #leakyvessels #jenkins #glibc #news
frankel, 4 months ago to linux
New #Glibc Library #Flaw Grants Root Access to Major #Linux Distros
https://www.cyberkendra.com/2024/01/glibc-flaw-allow-root-access-to-major-distros.html
colin_mcmillen, 4 months ago to random
#glibc 2.39 was officially released yesterday (https://lists.gnu.org/archive/html/info-gnu/2024-01/msg00017.html), and it contains a (very small) patch that I wrote! #fier
raptor, 4 months ago to random
For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in #glibc's qsort() by @qualys
Can’t stop thinking about possible targets for this memory corruption 🤔
https://www.qualys.com/2024/01/30/qsort.txt
kzimmermann, 4 months ago to security
Time to update your servers... and give them a reboot just in case!
https://www.cyberkendra.com/2024/01/glibc-flaw-allow-root-access-to-major-distros.html
#security #privilegeescalation #glibc
ottoto2017, 4 months ago to linux
"New #Linux #glibc flaw lets attackers get root on major distributions": BLEEPINGCOMPUTER
"An unprivileged attacker could gain root access on multiple major Linux distributions in their default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
The security flaw, tracked as CVE-2023-6246, was found in glibc's __vsyslog_internal() function, which is called by the widely used syslog and vsyslog functions to write messages to the system message logger. #Debian 12 and 13, #Ubuntu 23.04 and 23.10, and #Fedora 37 through 39 are vulnerable."
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
#prattohome #BLEEPINGCOMPUTER