News reader

[$] Meeting the Debian Technical Committee

1 year, 1 month ago
It is something of a DebConf tradition that members of the Debian Technical Committee (TC) take the stage to talk about the work that the committee does—and more. DebConf24 in Busan, South Korea was no exception, as TC chair Sean Whitton, who will complete his term at the end of the year, and one of its newest members, Stefano Rivera, described the constitutional underpinnings of the TC, how it tries to make decisions when it needs to, and the constant process of recruiting new members. After that, they took a few questions from the audience. The session provided a nice overview of the TC and its role in Debian, but it may well be of interest further afield.
jake

A new kernel-version policy for Ubuntu

1 year, 1 month ago
The Canonical Kernel Team has announced a new policy regarding the version of the kernel that will ship with each Ubuntu release; the result will generally be the shipping of newer releases.

To provide users with the absolute latest in features and hardware support, Ubuntu will now ship the absolute latest available version of the upstream Linux kernel at the specified Ubuntu release freeze date, even if upstream is still in Release Candidate (RC) status.

The post goes on to acknowledge that "there are issues with this approach"; there are a lot of policy details that will apply depending on just how raw the shipped kernel is.

corbet

[$] Distinguishing Debian testing from unstable

1 year, 1 month ago
Sometimes, the smallest changes create the longest discussions. As a case in point, a proposal to make a one-line change in an informational text file on systems running the Debian unstable distribution has blown up into an interminable and sometimes unfriendly debate. At its core, though, this discussion comes down to a seemingly simple question: should a program be able to determine whether it is running on a Debian testing or unstable system?
corbet

New attack against the SLUB allocator

1 year, 1 month ago

Researchers from Graz University of Technology have published details of a new attack on the Linux kernel called SLUBStick. The attack uses timing information to turn an ability to trigger use-after-free or double-free bugs into the ability to overwrite page tables, and thence into the ability to read and write arbitrary areas of memory. The good news is that this attack does require an existing bug to be usable; the bad news is that the kernel regularly sees bugs of this kind.

We assume that an unprivileged user has code execution. Additionally, we consider the presence of a heap vulnerability in the Linux kernel. We assume that the Linux kernel incorporates all defense mechanisms available in version 6.4, the most recent Linux kernel version when we started our work. These mechanisms include features such as W^X, KASLR, SMAP, and kCFI. We do not assume any microarchitectural vulnerabilities, e.g., transient execution, fault injection, or hardware side channels.
daroc

Security updates for Friday

1 year, 1 month ago
Security updates have been issued by AlmaLinux (httpd, kernel, kernel-rt, and libtiff), Debian (postgresql-13, postgresql-15, and thunderbird), Fedora (frr, thunderbird, vim, and xrdp), Gentoo (Librsvg, Nautilus, ncurses, Percona XtraBackup, QEMU, and re2c), Red Hat (httpd, kernel, kernel-rt, openssl, and python-setuptools), SUSE (bind, ffmpeg-4, kubernetes1.23, kubernetes1.24, python-Django, and python3-Twisted), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-oem-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle, linux-oracle-5.4, and salt).
daroc

Little girl, you can be anything!

1 year, 1 month ago
Skool has turned ten; it is weathering the crisis and sees artificial intelligence as a great opportunity.
HWSW

0.0.0.0 Day: Exploiting Localhost APIs From the Browser (Oligo Security)

1 year, 1 month ago
The Oligo Security blog discloses a web-browser vulnerability that has been named "0.0.0.0 day". In short, browsers will allow JavaScript code to open connections to the all-zeroes IPv4 address; the result is that any port that is open on the local host can be accessed by a remote site. "When services use localhost, they assume a constrained environment. This assumption, which can (as in the case of this vulnerability) be faulty, results in insecure server implementations."
corbet

[$] Endless OS aimed at educational and offline environments

1 year, 1 month ago

Endless OS is a Linux distribution with a focus on improving access to educational tools by providing a simple-to-manage, full-featured desktop for educators and students — one that works offline, with minimal maintenance. The distribution also aims to be suitable for older devices, in order to promote access to computers by ensuring those systems remain usable. In pursuit of those goals, it makes some unusual technical choices. But what makes the distribution really shine is its curated collection of software and educational resources.

daroc

Security updates for Thursday

1 year, 1 month ago
Security updates have been issued by AlmaLinux (freeradius and freeradius:3.0), Debian (chromium, odoo, and roundcube), Fedora (microcode_ctl, mingw-qt5-qtbase, mingw-qt6-qtbase, opentofu, orc, python-setuptools, and vim), Gentoo (Nokogiri), Oracle (kernel), Red Hat (go-toolset:rhel8, golang, kernel, krb5, libtiff, python-setuptools, and python39:3.9 and python39-devel:3.9), SUSE (python-Django), and Ubuntu (krb5).
jake