Latest security news

sudo apt install linux-firmware

sudo service fwupd start

sudo fwupdmgr refresh

sudo fwupdmgr update

1 Like

Trying on the old HP Pavilion G4:

sudo fwupdmgr refresh

WARNING: UEFI firmware can not be updated in legacy BIOS mode
  See for more information.
Firmware metadata last refresh: 16 hours ago. Use --force to refresh again.

I read the link, but I'm not sure what to do. Just ignore it? ("This warning can be ignored if UEFI firmware updates are not desired.") I don't know how entwined (or not) are firmware, UEFI and microcode.

Update 14 Aug '23:

apt list -u                                                                                    ─╯
Listing... Done
intel-microcode/focal-updates,focal-security 3.20230808.0ubuntu0.20.04.1 amd64 [upgradable from: 3.20230214.0ubuntu0.20.04.1]


sudo apt update && apt list -u

to ensure intel-microcode upgrade is available on your regional server. If so, run

sudo apt upgrade

If not, please try again after a day or so.

1 Like

I have just used Software Updater.
FYI, OS Updates listed for installation were Intel microcode update and new kernel 5.15.0-70


Good to hear it's included in the latest Zorin Update. Unfortunately, the latest update killed my wifi (no longer detected).

31 Aug 2023

Please be sure to run your updates. Included in this recent batch is:
Changes for libelf1 versions:
Installed version: 0.176-1.1build1
Available version: 0.176-1.1ubuntu0.1

Version 0.176-1.1ubuntu0.1:

  • SECURITY UPDATE: infinite loop via a crafted file
    • debian/patches/CVE-2021-33294.patch: fix bounds checks and replace
      asserts with errors in src/readelf.c.
    • CVE-2021-33294
  • SECURITY UPDATE: heap-based buffer overwrite and reachable assertion
    • debian/patches/CVE-2020-21047.patch: fix bounds checks and replace
      asserts with errors in libcpu/i386_data.h and libcpu/i386_disasm.c.
    • CVE-2020-21047

Changes for amd64-microcode versions:
Installed version: 3.20191218.1ubuntu1.1
Available version: 3.20191218.1ubuntu1.2

Version 3.20191218.1ubuntu1.2:

  • SECURITY UPDATE: INCEPTION - information leak via speculative execution
    • amd-ucode/microcode_amd_fam19h.bin{.asc}: add AMD fam19h cpu
      microcode and signature for Inception vulnerability
    • New microcodes:
  Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes
  Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes
  Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes
  Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes
  Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e Length=5568 bytes
  Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes
  Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212 Length=5568 bytes


Tagging @Bourne since you have raised questions in regards to some of this in previous posts.


This item and link re Free Download Manager malware turned up in another thread.
Some of the Comments to the linked article are interesting i.e. be wary where you download .deb's from and verify file checksums for downloads from reliable sources. Does Clamav come with Zorin OS Core by default? - #8 by Thunder


I just clicked on the hyperlink of the first hash and this was the result:

And it lists it as arch, not deb!

Some thoughts on this piece of news:

Is this a question or a statement to elicit response?

Just a statement. I wanted to keep my answer here it short, similar to others in the thread, as this article was mentioned elsewhere with some extra context.

So this days everything is atacked windows,linux and macos for some trojans,backdoors etc.

I started to read this and have been aware of glib.c issues in the past that were fixed. I couldn't see any reference as to whether this was a local attack (which means someone who has either access to the machine or on the same network), or more importantly whether the code could be executed remotely. A lot of security issues in the past have been concerned with local attacks, not remote ones. It would have been better if the research had stated what vectors enable the execution of the security breach. If someone is sat outside your house with two notebooks open you would know that they are probably trying to snarf your network!

@swarfendor437, the link title states its local (or at least the url):

Just found this item re Gnome.


I read with interest the second article about JavaScript. Time to switch to IceCat methinks! In terms of the cue for searching for files, I think this is off by default in Zorin (Settings) which I described in the Unofficial Manual for Zorin 15 but correct me if I am wrong. (Page 49 - Search in Settings).

Oauth fumbles yet again with more security holes:


1 Like