Patch Management Archives - TuxCare

Google Releases Chrome Update to Fix New Zero-day Flaw

Google has released an emergency patch to fix a zero-day vulnerability exploited in the wild. Tracked as CVE-2022-3075, the zero-day flaw was discovered and reported on August 30, 2022 by an anonymous researcher.

The flaw is an insufficient data validation issue in Mojo, a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).

Google admitted that it “is aware of reports that an exploit for CVE-2022-3075 exists in the wild.” The tech giant, however, failed to provide additional specifics on the nature of the attacks that could help users prevent additional threat actors from exploiting the flaw.

Google asks users to upgrade to version 105.0.5195.102 for Windows, macOS, and Linux to mitigate imminent threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are advised to apply fixes as soon as they are available.

This makes it the sixth zero-day vulnerability in Chrome that Google has patched since the start of the year. The other five flaws are CVE-2022-0609, CVE-2022-1096, CVE-2022-1364, CVE-2022-2294, and CVE-2022-2856.

CVE-2022-0609 is a use-after-free vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems.

CVE-2022-1096 is a zero-day flaw described as a type confusion vulnerability in the V8 JavaScript engine.

CVE-2022-1364 is similar to CVE-2022-1096 since it is also a type confusion flaw in the V8 JavaScript engine.

CVE-2022-2294 is a heap overflow flaw in the WebRTC component, which provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

CVE-2022-2856 is a case of insufficient validation of untrusted input in Intents.

The sources for this piece include an article in TheHackerNews.

Does Live Patching Slow Systems Down?

If you’re a systems administrator responsible for thousands of servers, even a small slowdown can cause serious technical problems for your enterprise, and cost it a lot of money as well. Does live kernel patching cause them, or help solve them? Read below to find out.

8 Tools to Keep Linux Servers Secure

Keeping Linux servers updated and patched isn’t the job of just one tool. You need several tools to ensure your servers are configured properly and aren’t a target for the latest exploits. Checking one server could be done manually, but when you’re responsible for hundreds of critical servers, you need tools to audit current server functionality, update software, set configurations, and perform any other actions required during maintenance. The following list of tools is a breakdown of the best software that will help administrators be proactive in Linux server management, configuration management, updates and patching.

 


The Ultimate Guide to Linux Patch Management

Administrators responsible for patching Linux know that it’s practically a full-time job in a large enterprise environment. To patch just one system, the administrator must identify that a patch is available, download it, and then deploy it to the system. In an enterprise environment, there could be hundreds of servers to manage, so the job of patch management becomes an all-day responsibility with the added risk of reboot failures after installation. Instead of manual updates, administrators can free up time and organize patches using automation tools.

