Feed aggregator

Security updates for Wednesday

2 years 4 months ago
Security updates have been issued by Debian (ghostscript and openimageio), Fedora (kernel, rubygem-actioncable, rubygem-actionmailbox, rubygem-actionmailer, rubygem-actionpack, rubygem-actiontext, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), Oracle (gnutls, httpd, kernel, nodejs:16, nodejs:18, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Red Hat (gnutls, httpd, httpd:2.4, kernel, kpatch-patch, pcs, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Scientific Linux (httpd and tigervnc, xorg-x11-server), SUSE (aws-efs-utils.11048, libheif, liblouis, openssl, python-cryptography, python-Werkzeug, skopeo, tomcat, and wireshark), and Ubuntu (imagemagick, ipmitool, and node-trim-newlines).
corbet

TikTok fined again over poor data-handling practices

2 years 4 months ago

The UK's data protection authority (ICO) has fined TikTok GBP 12.7 million for failing to check for and prevent the registration of users under the age of 13 on its platform. According to the British statement, in 2020 more than one million children under 13 used TikTok's services and provided personal data on the platform without parental consent. John […]

The post TikTok fined again over poor data-handling practices first appeared on Nemzeti Kibervédelmi Intézet.

NKI

[$] Mobian: bringing Debian to mobile devices

2 years 4 months ago
Mobian is a project that aims to bring the Debian distribution to mobile devices such as smartphones and tablets. By building on the flexibility, stability, and community-driven development of Debian, Mobian aspires to create a powerful and user-friendly alternative to existing mobile operating systems. The project is actively working on reducing the delta between Mobian and Debian, and its ultimate goal is to be absorbed back into its parent distribution and to make it easy to run Debian on mobile devices.
jake

The 2023 Debian Project Leader election

2 years 4 months ago
The first call for votes for the 2023 Debian Project Leader election has gone out. The campaigning was easy to miss this year, for one simple reason: the current incumbent, Jonathan Carter, is running unopposed for another term. That suggests that turnout will be low this time but, as several developers have pointed out, there is still value in voting; it clarifies whether Carter still has the support of the project.
corbet

Security updates for Tuesday

2 years 4 months ago
Security updates have been issued by Fedora (openbgpd and seamonkey), Red Hat (httpd:2.4, kernel, kernel-rt, and pesign), SUSE (compat-openssl098, dpdk, drbd, ImageMagick, nextcloud, openssl, openssl-1_1, openssl-3, openssl1, oracleasm, pgadmin4, terraform-provider-helm, and yaml-cpp), and Ubuntu (haproxy, ldb, samba, and vim).
corbet

Linux Plumbers Conference: CFP Open – Refereed Track Presentations

2 years 4 months ago

The Call for Refereed Presentation Proposals for the 2023 edition of the Linux Plumbers Conference (LPC) is now open. We plan to hold LPC in Richmond, Virginia on November 13-15, 2023.

Submitters should ideally be able to give their presentation in person, although presenting remotely will be possible if necessary. Expectation is that the presentation will be done live in either case, to maximize audience interaction. Please see our website or social media for regular updates.

Refereed Presentations are 45 minutes in length and should focus on a specific aspect of the “plumbing” in a Linux system. Examples of Linux plumbing include core kernel subsystems, init systems, core libraries, windowing systems, management tools, device support, media creation/playback, and so on. The best presentations are not about finished work, but rather problem statements, proposals, or proof-of-concept solutions that require face-to-face discussions and debate.
The Refereed Presentations track will be running throughout all three days of the conference.

Linux Plumbers Conference Program Committee members will be reviewing all submitted proposals. High-quality submissions that cannot be accepted due to the limited number of slots will be forwarded to organizers of suitable Linux Plumbers Microconferences for further consideration.
Submissions are due on or before 11:59PM UTC on Sunday, August 6, 2023.

LockBit threatens the South Korean tax authority with publication of stolen data

2 years 4 months ago

The LockBit ransomware group announced on March 29, 2023 that it had successfully breached the systems of the South Korean National Tax Service (NTS), and that it would publish the stolen data on April 1, 2023 if no ransom was paid. The deadline LockBit set for paying the ransom has passed, and the threat actors have announced that they will publish […]

The post LockBit threatens the South Korean tax authority with publication of stolen data first appeared on Nemzeti Kibervédelmi Intézet.

NKI

[$] User trace events, one year later

2 years 4 months ago
The kernel has a well-developed mechanism for the control of tracing of events in kernel space. Developers often want to be able to trace user-space activity as well, using the same interfaces, but that mode is rather less well supported. One year ago, an attempt to add an API for the control of user-space trace events ran into trouble and has never been fully enabled. Now, Beau Belgrave is back with a reworked API that may finally result in this mechanism becoming generally available.
corbet

Security updates for Monday

2 years 4 months ago
Security updates have been issued by Debian (duktape, firmware-nonfree, intel-microcode, svgpp, and systemd), Fedora (amanda, dino, flatpak, golang, libldb, netconsd, samba, tigervnc, and vim), Red Hat (nodejs:14), Slackware (ruby and seamonkey), SUSE (drbd, flatpak, glibc, grub2, ImageMagick, kernel, runc, thunderbird, and xwayland), and Ubuntu (amanda).
jake

ENISA provides a new tool for assessing the cybersecurity maturity of SMEs

2 years 4 months ago

ENISA's new cybersecurity maturity assessment tool is intended to help small and medium-sized enterprises (SMEs) identify the cybersecurity risks that affect them and understand the threats coming from cyberspace. With it, the EU's cybersecurity agency also aims to raise the level of cybersecurity awareness in the European business sector and to foster closer cooperation between the member states and SMEs.

The post ENISA provides a new tool for assessing the cybersecurity maturity of SMEs first appeared on Nemzeti Kibervédelmi Intézet.

NKI

CISA urges patching of mobile devices vulnerable to spyware

2 years 4 months ago

The US Cybersecurity and Infrastructure Security Agency (CISA) is calling on federal agencies (FCEB) to patch the zero-day vulnerabilities that, used together with other vulnerabilities as part of a so-called exploit chain, allow commercial spyware to be installed on mobile devices.

The post CISA urges patching of mobile devices vulnerable to spyware first appeared on Nemzeti Kibervédelmi Intézet.

NKI

Kernel prepatch 6.3-rc5

2 years 4 months ago
The 6.3-rc5 kernel prepatch is out for testing. "This release continues to appear very normal and boring, which is just how I like it. The commit count says that we've started calming down right on schedule, and the diffstat looks normal too."
corbet

A quarter century of Mozilla

2 years 4 months ago
The Mozilla project celebrates 25 years of existence.

A lot has changed since 1998. Mozilla is no longer just a bold idea. We’re a family of organizations — a nonprofit, a public benefit-corporation, and others — that builds products, fuels movements, and invests in responsible tech.

And we’re no longer a small group of engineers in Netscape’s Mountain View office. We’re technologists, researchers, and activists located around the globe — not to mention tens of thousands of volunteers.

But if a Mozillian from 1998 stepped into a Mozilla office (or joined a Mozilla video call) in 2023, I think they’d quickly feel something recognizable. A familiar spirit, and a familiar set of values.

corbet

[$] An operation for filesystem tucking

2 years 4 months ago
As a general rule, the purpose behind mounting a filesystem is to make that filesystem's contents visible to the system, or at least to the mount namespace where that mount occurs. For similar reasons, it is unusual to mount one filesystem on top of another, since that would cause the contents of the over-mounted filesystem to be hidden. There are exceptions to everything, though, and that extends to mounted filesystems; a "tucking" mechanism proposed by Christian Brauner is designed to hide mounted filesystems underneath other mounts — temporarily, at least.
corbet

Security updates for Friday

2 years 4 months ago
Security updates have been issued by Debian (joblib, json-smart, libmicrohttpd, and xrdp), Fedora (thunderbird and xorg-x11-server-Xwayland), Mageia (dino, perl-Cpanel-JSON-XS, perl-Net-Server, snort, tigervnc/x11-server, and xapian), SUSE (curl, kernel, openssl-1_0_0, and shim), and Ubuntu (glusterfs, linux-gcp-4.15, musl, and xcftools).
jake

X.org vulnerability and releases

2 years 4 months ago
The X.Org project has announced a vulnerability in its X server and Xwayland (CVE-2023-1393). This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

[...] If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

That has led to the release of xorg-server 21.1.8, xwayland 22.1.9, and xwayland 23.1.1.

jake