CVE-2025-8067 - UDisks
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H - 8.5
This issue is fixed in udisks2 versions 2.10.91 and 2.10.2
The upstream advisory is available at:
https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H - 8.5
This issue is fixed in udisks2 versions 2.10.91 and 2.10.2
The upstream advisory is available at:
https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g
GitHub
Out-Of-Bounds Read in UDisks Daemon
The UDisks daemon contains an out-of-bounds (OOB) read vulnerability that can be triggered by an unprivileged user via system bus. Successful exploitation leads to a crash of the daemon process, or...
Forwarded from AIGC
[oss-security] CVE-2025-8067 - UDisks
UDisks 服务中发现高危漏洞 CVE-2025-8067,CVSS 评分为 8.5(高危)。该漏洞为越界读取(Out-Of-Bounds Read)问题,允许非特权用户通过 D-Bus 系统总线触发,可能导致服务崩溃或本地权限提升。
漏洞位于 UDisks 处理 LoopSetup 请求时的 fd_index 参数验证不完整,未检查负数值,导致可读取进程内部无效的文件描述符。攻击者可利用此漏洞映射守护进程的内部文件描述符至回环设备,进而实现权限提升。
受影响版本为 udisks2 2.10.1 及更早版本,已在 2.10.91 和 2.10.2 中修复。
建议用户尽快升级至安全版本。更多技术细节和修复建议可参考上游公告:
https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g
#安全漏洞 #UDisks #权限提升 #Linux安全
#AIGC
Read more
UDisks 服务中发现高危漏洞 CVE-2025-8067,CVSS 评分为 8.5(高危)。该漏洞为越界读取(Out-Of-Bounds Read)问题,允许非特权用户通过 D-Bus 系统总线触发,可能导致服务崩溃或本地权限提升。
漏洞位于 UDisks 处理 LoopSetup 请求时的 fd_index 参数验证不完整,未检查负数值,导致可读取进程内部无效的文件描述符。攻击者可利用此漏洞映射守护进程的内部文件描述符至回环设备,进而实现权限提升。
受影响版本为 udisks2 2.10.1 及更早版本,已在 2.10.91 和 2.10.2 中修复。
建议用户尽快升级至安全版本。更多技术细节和修复建议可参考上游公告:
https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g
#安全漏洞 #UDisks #权限提升 #Linux安全
#AIGC
Read more
AIGC
[oss-security] CVE-2025-8067 - UDisks UDisks 服务中发现高危漏洞 CVE-2025-8067,CVSS 评分为 8.5(高危)。该漏洞为越界读取(Out-Of-Bounds Read)问题,允许非特权用户通过 D-Bus 系统总线触发,可能导致服务崩溃或本地权限提升。 漏洞位于 UDisks 处理 LoopSetup 请求时的 fd_index 参数验证不完整,未检查负数值,导致可读取进程内部无效的文件描述符。攻击者可利用此漏洞映射守护进程的内部文件描述符至回环设备,进而实现权限提升。…
DSA 5989-1
For the oldstable distribution (bookworm), this problem has been fixed
in version 2.9.4-4+deb12u2.
For the stable distribution (trixie), this problem has been fixed in
version 2.10.1-12.1+deb13u1.
For the oldstable distribution (bookworm), this problem has been fixed
in version 2.9.4-4+deb12u2.
For the stable distribution (trixie), this problem has been fixed in
version 2.10.1-12.1+deb13u1.
Forwarded from 每日消费电子观察 (无羽の翼 (「 • ̀ω•́ )「)
索尼承认部分 FeliCa 芯片存在安全漏洞
https://china.kyodonews.net/~
https://www.sony.co.jp/~
受影响的是2017年以前出货的实体卡芯片。
但因为同一个发卡部门的新旧卡一般使用相同的密钥,所以如果破解了影响范围会比较大。
https://china.kyodonews.net/~
https://www.sony.co.jp/~
受影响的是2017年以前出货的实体卡芯片。
但因为同一个发卡部门的新旧卡一般使用相同的密钥,所以如果破解了影响范围会比较大。
共同网
索尼承认非接触式IC技术FeliCa部分芯片存在安全漏洞
【共同社8月29日电】关于日本全国的公共交通IC卡与电子货币等使用的非接触式IC技术“FeliCa”,28日从对相关人士的采访获悉,这项与社会基础设施密切相关的技术被发现有严重安全漏洞,存在破解加
Forwarded from 今天abc看了啥🤔 (asfr | abc1763613206🤔)
Forwarded from yet_another_channel
Linus Torvalds Marks Bcachefs As Now "Externally Maintained"
Bcachefs 尊享 OpenZFS 同種待遇🫠
#Filesystem #Linux #BcacheFS #FLOSS #Tech
https://www.phoronix.com/news/Bcachefs-Externally-Maintained
Bcachefs 尊享 OpenZFS 同種待遇🫠
#Filesystem #Linux #BcacheFS #FLOSS #Tech
https://www.phoronix.com/news/Bcachefs-Externally-Maintained
Phoronix
Linus Torvalds Marks Bcachefs As Now "Externally Maintained"
Linus Torvalds has finally come to a decision following his plans to part ways with the Bcachefs file-system and then not merging any Bcachefs updates for Linux 6.17.
🤣10
Forwarded from 今天abc看了啥🤔 (asfr | abc1763613206🤔)
YouTube 将于8月29日(周五)至31日(周日)连续三天举办 YouTube Music Weekend 10.0 supported by PlayStation® 活动,一次性首映122组艺术家的全新拍摄现场演出视频及音乐录影带。本次迎来第十届的盛会,将汇聚以动漫与网络文化为核心、活跃于YouTube音乐领域的多元风格艺术家。
https://www.youtube.com/playlist?list=PLQntWbrycbJfBxlFizwmPOa1S_2d8dKaP
https://x.com/SonyMusic_JPN/status/1960643515307974964
*注意日本时间比北京时间快一个小时
https://www.youtube.com/playlist?list=PLQntWbrycbJfBxlFizwmPOa1S_2d8dKaP
https://x.com/SonyMusic_JPN/status/1960643515307974964
*注意日本时间比北京时间快一个小时
This is what pull requests used to look like.
(The last sentence is particularly remarkable!)
https://discuss.systems/@dan/115121209131629703
(The last sentence is particularly remarkable!)
https://discuss.systems/@dan/115121209131629703
👍8
Forwarded from 层叠 - The Cascading
Deepin DE 在各发行版正缺乏维护。
包括 NixOS 和 Fedora 在内的 Deepin 组件均较久未有更新而未有维护者接手。
linksrc: https://www.tg-me.com/landiansub/13412
1. gh:NixOS/nixpkgs#422090
2. pagure:fedora-omps#1149
[感谢匿名订户提供的消息。]
thread: /4707
#Deepin
包括 NixOS 和 Fedora 在内的 Deepin 组件均较久未有更新而未有维护者接手。
linksrc: https://www.tg-me.com/landiansub/13412
1. gh:NixOS/nixpkgs#422090
2. pagure:fedora-omps#1149
[感谢匿名订户提供的消息。]
thread: /4707
#Deepin
Telegram
蓝点网订阅频道
#系统资讯 深度操作系统桌面环境(Deepin desktop environment)目前陷入发行版移植困难,在5月份因为打包的安全问题已经被openSUSE移除。
在7月~8月的讨论中负责DDE for NixOS移植的开发者宣布放弃维护,Fedora Linux社区也讨论删除DDE环境,目前仅Arch Linux仍然提供DDE相关软件包,但存在大面积过时问题。
在DDE for NixOS的讨论贴中有Deepin工程师愿意接手,不过目前还没有明确的后续消息。
sources:openSUSE、NixOS、Fedora…
在7月~8月的讨论中负责DDE for NixOS移植的开发者宣布放弃维护,Fedora Linux社区也讨论删除DDE环境,目前仅Arch Linux仍然提供DDE相关软件包,但存在大面积过时问题。
在DDE for NixOS的讨论贴中有Deepin工程师愿意接手,不过目前还没有明确的后续消息。
sources:openSUSE、NixOS、Fedora…
The matrix.org database secondary lost its FS due to a RAID failure earlier today (11:17 UTC). Then, we lost the primary at 17:26. We're trying to restore the primary DB FS (which could be fastish), while also doing a point-in-time backup restore from last night (which takes >10h). We believe the incremental DB traffic since last night is intact however. Apologies for the downtime; folks on their own homeserver are of course not impacted.
https://mastodon.matrix.org/@matrix/115136245785561439
https://mastodon.matrix.org/@matrix/115136245785561439
Matrix.org's Mastodon
The Matrix.org Foundation (@[email protected])
So: the matrix.org database secondary lost its FS due to a RAID failure earlier today (11:17 UTC). Then, we lost the primary at 17:26. We're trying to restore the primary DB FS (which could be fastish), while also doing a point-in-time backup restore from…
咕 Billchen 咕 🐱 抹茶芭菲批发中心
The matrix.org database secondary lost its FS due to a RAID failure earlier today (11:17 UTC). Then, we lost the primary at 17:26. We're trying to restore the primary DB FS (which could be fastish), while also doing a point-in-time backup restore from last…
Status update: we’re 47TB through restoring the 55TB db snapshot of the matrix.org DB, but then have to rebuild the DB and replay the subsequent 17h of DB traffic, which will take several hours. Thank you for your patience, and apologies once again for the outage.
https://mastodon.matrix.org/@matrix/115139109820482116
https://mastodon.matrix.org/@matrix/115139109820482116
Matrix.org's Mastodon
The Matrix.org Foundation (@[email protected])
Status update: we’re 47TB through restoring the 55TB db snapshot of the matrix.org DB, but then have to rebuild the DB and replay the subsequent 17h of DB traffic, which will take several hours. Thank you for your patience, and apologies once again for the…
Forwarded from 科技圈的日常 (Jimmy Tian)
微软开源了适用于 6502 处理器的 BASIC 1.1 解释器
该版本支持完整 BASIC 语法,包含浮点运算、字符串与数组处理、动态内存管理等,可以跨平台运行。
支持的平台:
- Apple II
- Commodore PET
- Ohio Scientific (OSI)
- MOS Technology KIM-1
- PDP-10 Simulation
https://github.com/microsoft/BASIC-M6502
该版本支持完整 BASIC 语法,包含浮点运算、字符串与数组处理、动态内存管理等,可以跨平台运行。
支持的平台:
- Apple II
- Commodore PET
- Ohio Scientific (OSI)
- MOS Technology KIM-1
- PDP-10 Simulation
https://github.com/microsoft/BASIC-M6502
GitHub
GitHub - microsoft/BASIC-M6502: Microsoft BASIC for 6502 Microprocessor - Version 1.1
Microsoft BASIC for 6502 Microprocessor - Version 1.1 - microsoft/BASIC-M6502
😁3
咕 Billchen 咕 🐱 抹茶芭菲批发中心
丝之鸽开放购买了 但你steam正在被人力ddos中所以估计结不了账
如果有想玩的PC群友又有XGP订阅的话可以去Xbox下载
不受Steam爆炸影响
不受Steam爆炸影响