Fresh curl tomorrow will patch 'worst' security flaw in ages | TheRegister ( www.theregister.com )
“Curl 8.4.0 will hit at around 0600 UTC (0800 CEST, 0700 BST, 0200 EST, 2300 PDT) on October 11 and deal with CVE-2023-38545, which affects both libcurl and the curl tool, and CVE-2023-38546, which only affects libcurl…”
![](https://kbin.pithyphrase.net/media/cache/resolve/entry_thumb/ca/13/ca13224799dc9a0226eb9556462567ccdb81f7283ae8db1ddbc56b456453df6a.jpg)
CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so | Qualys Security Blog ( blog.qualys.com )
![](https://kbin.pithyphrase.net/media/cache/resolve/entry_thumb/0b/40/0b402cfaa98ea39b3346e293ee7db339b77d17cd184754ce7c653233d1bbee66.jpg)
Critical vulnerabilities in Exim threaten over 250k email servers worldwide ( arstechnica.com )
“Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched…”
![](https://kbin.pithyphrase.net/media/cache/resolve/entry_thumb/cc/bb/ccbb5b42f13f4a19228cda5531bb48eee3f4c536b43960f0ce054cd39febef30.jpg)
Temporary suspension of automatic snap registration following security incident ( forum.snapcraft.io )
“On September 28, 2023, the Snap Store team was notified of a potential security incident. A number of snap users reported several recently published and potentially malicious snaps…”
CVE-2023-38408: REMOTE CODE EXECUTION IN OPENSSH'S FORWARDED SSH-AGENT ( www.qualys.com )
YSK about Wargames ( overthewire.org )
Like choose your-own-ending novels and BASH? What would you do if you suddenly had ssh access to someone else’s server? This is a really fun corner of the net. Excellent resource/trainer/time-waster. When I talk to people from the DIY linux/selfhosting/FOSS communities, many folks haven’t heard of it....