Solar Designer

The CIQ portal is live: access, evaluate, and deploy CIQ products on your own terms. From registration to your first download in under 10 minutes. Personal Use, Free, Developer and Trial licenses are available today, alongside a full product catalog including RLC Pro, RLC Pro Hardened, RLC Pro AI, RLC+, CIQ Bridge, Fuzzball, Ascender Pro, and Warewulf Pro. Start where you are. Scale when you're ready: bit.ly/4bRs2Jc #RLCPro #RockyLinux #Linux #OpenSource #EnterpriseLinux #CIQ

CVE-2026-3888: snap-confine + systemd-tmpfiles = root openwall.com/lists/oss-secu… as discovered by @Qualys Case study: Ubuntu Desktop 24.04 - Analysis - Exploitation Case study: Ubuntu Desktop 25.10 - Overview - Exploitation A quick note on the uutils coreutils (the rust-coreutils)

10+ CVEs in GStreamer openwall.com/lists/oss-secu… a dependency of the tracker-extract package, which GNOME uses to automatically parse metadata in new files. Among other things, this service indexes all files in the user's home directory without any user interaction.

CVE-2005-0488: Some telnet clients still leak environment variables openwall.com/lists/oss-secu… Vulnerable: GNU Inetutils 2.7.33 (Debian, Ubuntu, Termux, ...), FreeBSD 16.0-CURRENT, NetBSD 11.0-RC2, Solaris 11.4. By-design partial leakage: OpenBSD 7.8. Abuse via telnet:// URI scheme.

AppArmor vulnerabilities openwall.com/lists/oss-secu… Confused deputy - Removing, loading a profile - Bypassing Ubuntu's user-namespace restrictions AppArmor+Sudo+Postfix = root Kernel - Uncontrolled recursion - Out-of-bounds read - Use-after-free - Double-free x.com/qualys/status/…

Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) openwall.com/lists/oss-secu… Affects Debian/Ubuntu. Linux NetKit telnetd and thus Red Hat'ish distros are unaffected.

CVE-2026-3497: OpenSSH GSSAPI Key Exchange patch issue openwall.com/lists/oss-secu… Many Linux distros carry this patch on top of OpenSSH. Affects servers with "GSSAPIKeyExchange yes". Triggered by single tiny crafted SSH packet, no authentication or credentials needed. Impact varies.

passwdqc 2.1.0 is out, adding built-in common passwords list. We effectively include top 100k of HIBPv8 overlap with RockYou, optimized and compressed to under 200 KB embedded in program binary. None of JtR password.lst 1.8 million are accepted by default. openwall.com/lists/announce…

Telnetd Vulnerability Report openwall.com/lists/oss-secu… Rediscoveries in InetUtils beyond last month's froot. Incomplete fix of CVE-1999-0073, where the CVE description's example was LD_LIBRARY_PATH, but new LPE PoCs use CREDENTIALS_DIRECTORY and GCONV_PATH. Avoided in Linux NetKit?

OpenSC, ghostscript, cgif issues from the recent Anthropic disclosure openwall.com/lists/oss-secu… Anthropic say they found 500+ vulnerabilities and list 3 of them. These 3 don’t appear to have CVEs and 2 don’t appear in releases. Maintainers may not agree with the significance.

As blogged by @trailofbits, two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstreams. openwall.com/lists/oss-secu… x.com/trailofbits/st…

Mainline Linux kernel "adds namespace support to vhost-vsock and loopback" openwall.com/lists/oss-secu… "The design of this whole thing actually seems to me entirely broken and useless, especially for something that took 7 years to land" said @spendergrsec x.com/spendergrsec/s…

@spendergrsec Thanks! I would have preferred that you post this directly, but anyway I just did openwall.com/lists/oss-secu…

but not when you can't even see what you should be able to connect to (especially so when the same id can be reused by local mode containers).

git.kernel.org/pub/scm/linux/… @solardiz maybe relevant for the list

Introducing sshimpanzee, a reverse shell made by @TitouanLazard based on openssh's sshd. It supports DNS, ICMP and HTTP encapsulation as well as SOCKS and HTTP Proxies : blog.lexfo.fr/sshimpanzee.ht…

CVE-2026-25506: MUNGE 0.5-0.5.17 buffer overflow allowing key leakage openwall.com/lists/oss-secu… In HPC environments where workload managers and other services use MUNGE for authentication, forged credentials could potentially enable privilege escalation

zlib security audit by @7aSecurity openwall.com/lists/oss-secu… 10 issues, 1 High "Heap Buffer Overflow via Legacy gzprintf Implementation", which "seems to require that zlib was built with -DNO_vsnprintf -DNO_snprintf, targeting a system lacking snprintf." x.com/7aSecurity/sta…

CVE-2026-25646: libpng: Heap buffer overflow openwall.com/lists/oss-secu… in png_set_quantize when called with no histogram and a palette larger than twice the requested maximum number of colors. Images that trigger this vulnerability are valid per the PNG specification. Fix in 1.6.55

CVE-2026-23906: Apache Druid: Authentication Bypass via LDAP Anonymous Bind openwall.com/lists/oss-secu… by providing an existing username with an empty password. Immediate Mitigation: Disable anonymous bind on your LDAP server. Resolution: Upgrade to version 36.0.0 or later.

On patch vs. commit messages openwall.com/lists/oss-secu… PSA: Did you know that it’s unsafe to put code diffs into your commit messages? Such diffs will be applied by patch(1) and git-am(1) as part of the code change! This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.

"systemd vsock sshd" kernel patch fix openwall.com/lists/oss-secu… Every address family in Linux needs to implement its own namespace handling. In 2007, all existing address families got a check to only allow the initial network namespace. AF_VSOCK is newer and never got this check.