News reader

Scientific Linux 7 reaches end of life

1 year 2 months ago
While the end of support for CentOS 7, which happened on June 30, is significant, it is also worth taking a moment to reflect on the end of Scientific Linux 7, which has also just occurred. Scientific Linux was once a popular RHEL rebuild supported by Fermilab, CERN, DESY, and ETH Zurich. Development of Scientific Linux stopped with SL7, with the labs switching to CentOS thereafter, but the SL7 release was supported through to the bitter end. Thanks are due to all who built and supported Scientific Linux; you provided a useful and stable platform for many years.
corbet

[$] Arithmetic overflow mitigation in the kernel

1 year 2 months ago

On May 7, Kees Cook sent a proposal to the linux-kernel mailing list, asking for the kernel developers to start working on a way to mitigate unintentional arithmetic overflow, which has been a source of many bugs. This is not the first time Cook has made a request along these lines; he sent a related patch set in January 2024. Several core developers objected to the plan for different reasons. After receiving their feedback, Cook modified his approach to tackle the problem in a series of smaller steps.

daroc

Security updates for Monday

1 year 2 months ago
Security updates have been issued by Debian (dcmtk, edk2, emacs, glibc, gunicorn, libmojolicious-perl, openssh, org-mode, pdns-recursor, tryton-client, and tryton-server), Fedora (freeipa, kitty, libreswan, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-poppler, and mingw-python-urllib3), Gentoo (cpio, cryptography, GNU Emacs, Org Mode, GStreamer, GStreamer Plugins, Liferea, Pixman, SDL_ttf, SSSD, and Zsh), Oracle (pki-core), Red Hat (httpd:2.4, libreswan, and pki-core), SUSE (glib2 and kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t), and Ubuntu (espeak-ng, libcdio, and openssh).
corbet

Serious vulnerability fixed with OpenSSH 9.8

1 year 2 months ago
OpenSSH 9.8 has been released, fixing an ugly vulnerability:

Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been examined.

There is a configuration workaround for systems that cannot be updated, though it has its own problems. See this Qualys advisory for more details.

corbet

OpenSSH 9.8 released

1 year 2 months ago
In a fediverse post, Damien Miller (djm@) announced the availability of the new OpenSSH version 9.8:

OpenSSH 9.8 has just been released. This release includes a fix for a critical race condition in sshd that could be exploited for remote code execution so you should definitely patch or upgrade. It also contains a fix for a minor issue in ssh that saw the recently-added ObscureKeystrokeTiming feature work the opposite way as intended.

There are some new features too. Please see the release notes at https://openssh.com/releasenotes.html for more details

RIP dhclient(8)

1 year 2 months ago
Friends, dhclient(8) in OpenBSD is no more, at least for those of us running -current.

For some of us it is basically in muscle memory to type doas dhclient $wifiinterface when visiting somewhere, but from this day forward we will rely on dhcpleased(8) to do its job, which in my own experience does admirably.

In this commit, Theo de Raadt (deraadt@) executed the removal.

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2024-06-30 17:30:54

CVSROOT:        /cvs
Module name:    src
Changes by:     deraadt@cvs.openbsd.org 2024/06/30 11:30:54

Modified files:
        distrib/sets/lists/base: mi
        distrib/sets/lists/man: mi
        etc            : Makefile
        sbin           : Makefile
Removed files:
        etc/examples   : dhclient.conf
        sbin/dhclient  : Makefile bpf.c clparse.c conflex.c dhclient.8
                         dhclient.c dhclient.conf.5 dhclient.leases.5
                         dhcp.h dhcpd.h dhctoken.h dispatch.c kroute.c
                         log.c log.h options.c packet.c parse.c
                         privsep.c privsep.h


Kernel prepatch 6.10-rc6

1 year 2 months ago
Linus has released 6.10-rc6 for testing. "This release continues to be fairly calm, and rc6 looks pretty small. It's also entirely just random small fixes spread all over, with no bigger pattern."
corbet

06/30 EndeavourOS 2024.06.25

1 year 2 months ago
EndeavourOS is a rolling release Linux distribution based on Arch Linux. The project aims to be a spiritual successor to Antergos - providing an easy setup and pre-configured desktop environment on an Arch base. EndeavourOS offers both off-line and on-line install options. The off-line installer, Calamares, uses the Xfce desktop by default. The on-line installer can install optional software components, including most popular desktop environments.

06/30 Debian Edu 11.10.0

1 year 2 months ago
Debian Edu/Skolelinux is the Debian-edu's Debian Pure Blend distribution. It is aiming to provide an out-of-the-box localised environment tailored for schools and universities. The out-of-the-box environment comes with 75 applications aimed at schools, as well as 17 network services pre-configured for a school environment. The simple, three-question installation requires minimal technical knowledge. Skolelinux is Debian, which means, among other things, that there are no license costs or worries, and that upgrade and maintenance of the software can be done over the Internet with the power of Debian's apt-get. The core goals of Skolelinux are localisation and ease of system administration.

Initial playlist of 28 BSDCan Videos released

1 year 2 months ago
Patrick McEvoy aka BSDTV writes in,

We are releasing an initial playlist of 28 BSDCan Videos.

The OpenBSD focused: Why rewrite fw_update(8)? By: Andrew Hewus Fresh

We have 6 videos in need of additional work and expect them to be released in the coming month. We will also release to Peertube. I will update this post accordingly. We now know how quite a few of us will spend the next few hours and possibly days, while we eagerly await the arrival of the final six.

06/30 Debian 11.10

1 year 2 months ago
The Debian Project is an association of individuals who have made common cause to create a free operating system. This operating system is called Debian. Debian systems currently use the Linux kernel. Linux is a completely free piece of software started by Linus Torvalds and supported by thousands of programmers worldwide. Of course, the thing that people want is application software: programs to help them get what they want to do done, from editing documents to running a business to playing games to writing more software. Debian comes with over 50,000 packages (precompiled software that is bundled up in a nice format for easy installation on your machine) - all of it free. It's a bit like a tower. At the base is the kernel. On top of that are all the basic tools. Next is all the software that you run on the computer. At the top of the tower is Debian -- carefully organizing and fitting everything so it all works together.