#osssecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #osssecurity, aggregated by home.social.
-
Forgot your root password? No problem! With #PackageKit <= 1.3.4 you can do all the fun root action on any Linux system you have local access to, no privileges required!
Don't like that? Then PLEASE UPDATE your system ASAP to PackageKit >= 1.3.5 or any fixed distro package. Fixes for this vulnerability should already be available everywhere since today.
You can read more about CVE-2026-41651 on the security researcher's blog:
https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
-
🌟 New OpenSSF Project Spotlight 💃
In this interview, SLSA Steering Committee member Tom Hennen (Google) breaks down how SLSA is helping organizations strengthen trust across the software supply chain.
Watch the full Project Spotlight:
🔗 https://www.youtube.com/watch?v=gdYlSuH5Srs
-
🧰 #SBOMs are the foundation of understanding your software supply chain, but picking the right tool can be tricky. In a new blog post, Nathan walks through key SBOM generation tools—from single-language options to multi-language solutions like cdxgen, syft, and tern.
Read the guest blog: https://openssf.org/blog/2025/06/05/choosing-an-sbom-generation-tool/
-
💬 Ryan Waite from Microsoft delivers a keynote on "Improving #OSSSecurity Through Collaboration." He discusses Microsoft's collaborative efforts with the OpenSSF community such as S2C2F and future work in software supply chain management. #OSSSummit
-
📖 Join David and Bart from Python Hardening Working Group as they present a demo on the Python Secure Coding Guide. Discover this valuable resource and learn how to get involved with the SIG! ✨