Two krb5 Vulnerabilities Fixed in Debian: Patch Your Systems Now

krb5 is the MIT implementation of Kerberos, a widely used protocol for network authentication. Recently, two critical vulnerabilities have been discovered in the GSS message token handling in krb5, which could allow attackers to bypass integrity protections or cause a denial of service (DoS). These vulnerabilities, identified as CVE-2024-37370 and ... Read More

Multiple Tomcat Vulnerabilities Fixed in Ubuntu and Debian

Tomcat, a widely used servlet and JSP engine, has recently undergone several security updates to address critical vulnerabilities. These vulnerabilities, if exploited, could lead to denial of service (DoS) attacks or arbitrary code execution, posing significant risks to affected systems. This article explores the specifics of these vulnerabilities, their potential consequences, ... Read More

How to Apply Linux Kernel Security Patches: 3 Different Ways (2024)

Just like a strong foundation is vital for a building, a secure kernel is essential for a secure Linux system. Live patching allows applying security patches to a running kernel without the need for a reboot, significantly reducing downtime for critical systems. Unpatched kernels can leave your systems exposed to known ... Read More

kvmCTF: Google’s $250K Bounty for KVM Zero-Day Vulnerabilities

In October 2023, Google announced the launch of kvmCTF, a new vulnerability reward program (VRP) designed to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor. This innovative program comes with bounties of up to $250,000 for full VM escape exploits, marking a significant step in fortifying virtual machine ... Read More

Ghostscript Vulnerability Actively Exploited in Attacks

A significant remote code execution (RCE) vulnerability was identified in the Ghostscript library, a widely used tool on Linux systems. This vulnerability, tracked as CVE-2024-29510, is currently being exploited in attacks, posing a severe risk to numerous applications and services. Ghostscript is a powerful and versatile tool used for processing ... Read More

An Introduction to Cloud Computing for Linux Users

Linux, the open-source operating system renowned for its stability, security, and customizability, is a major force in cloud computing. Many cloud services are built on Linux, making them naturally compatible with existing Linux systems. Imagine you’re a web developer working ... Read More

Ubuntu Fixes Two OpenVPN Vulnerabilities

Two vulnerabilities were discovered in openvpn, a virtual private network software package, that could keep the closing session active or result in denial of service. Canonical released security updates to address these vulnerabilities in affected Ubuntu releases. These include Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS ... Read More

Linux Kernel 6.10 Released: Exploring New Security Features

Linus Torvalds announced the release of Linux kernel 6.10 on July 14th, 2024, marking it as the latest stable kernel branch. This release brings an array of new features and improvements that enhance both functionality and hardware support. Here, we will explore the security features and changes introduced in this ... Read More

Linux Evolution: A Comprehensive Timeline

Linus Torvalds, a Finnish computer science student, started Linux as a hobby project in 1991. Linux now powers the world’s top supercomputers, cloud infrastructure, and even forms the foundation for Android, the leading mobile OS. In the server space, Linux has become dominant, powering an estimated 96% of the world’s ... Read More

Ubuntu Patches Several Apache HTTP Server Vulnerabilities

Several security vulnerabilities were discovered in Apache HTTP Server, which could lead to denial of service or exposure of sensitive information. Fortunately, they have been addressed in the new version, and upgrading the Apache HTTP Server package is strongly recommended. Canonical has also released security updates to address these vulnerabilities across ... Read More

Application Security Check Up