Hírolvasó

Systemd 253 has been released. As always, the list of changes is extensive. Support for version-1 control groups and separate /usr systems is going away later this year. There is a new tool for working with unified kernel images, a number of new unit-file options have been added, and much more; click below for the full list.

When LWN looked at the composefs filesystem in December, we reported that there had been "little response" to the patches. That is no longer the case. Whether composefs (or something like it) should be merged has become the subject of an extended debate; at its core, the discussion is over just how Linux should support certain types of container workloads.

Security updates have been issued by Debian (firefox-esr), Fedora (community-mysql, edk2, firefox, and git), Slackware (curl and git), SUSE (apache2-mod_security2, aws-efs-utils, bind, curl, git, ImageMagick, java-11-openjdk, java-17-openjdk, java-1_8_0-openjdk, kernel, libksba, and mozilla-nss), and Ubuntu (golang-golang-x-text, golang-x-text, linux-aws, linux-aws-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-intel-iotg, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-oracle-5.4, linux-gke, linux-gke-5.15, nss, and xorg-server, xorg-server-hwe-16.04).

A Google kedden bejelentette, hogy hivatalosan is elérhetővé teszi az Android Privacy Sandbox béta verzióját az Android 13 rendszert futtató mobileszközökön.

The post Egyes androidos eszközökön tesztelhető a Privacy Sandbox first appeared on Nemzeti Kibervédelmi Intézet.

The LWN.net Weekly Edition for February 16, 2023 is available.

From the moon landing to the James Webb Space Telescope and many other scientific missions, software is critical for the US National Aeronautics and Space Administration (NASA). Sharing information has also been in the DNA of the space agency from the beginning. As a result, NASA also contributes to and releases open-source software and open data. In a keynote at FOSDEM 2023, Science Data Officer Steve Crawford talked about NASA and open-source software, including the challenges NASA has faced in using open source and the agency's recent initiatives to lower barriers.

The 5.10.168 stable kernel update has finally emerged from the review process and been released; it contains yet another set of important fixes.

Jens Axboe has posted a detailed guide to improving the performance of networking applications with io_uring.

Network applications have been written with a readiness type of model for decades, most commonly using epoll(2) these days to get notified when a given socket has data available. While these applications can be adapted to io_uring by swapping epoll notifiers with io_uring notifiers, going down that path does not lead to an outcome that fully takes advantage of what io_uring offers. It’ll potentially provide a reduction of system calls compared to epoll, but will not be able to take advantage of some of the other features that io_uring offers. To do that, a change to the IO event loop must be done.

Canonical has announced the general availability of a realtime variant of its distribution.

Based on the 5.15 version of the Linux kernel, Ubuntu 22.04 LTS integrates the out-of-tree PREEMPT_RT patches for x86 and Arm architectures. The PREEMPT_RT patchset reduces the kernel latencies as required by the most exacting workloads, helping to ensure time-predictable task execution. Meeting stringent determinism requirements and upper-bounding execution time, Ubuntu with PREEMPT_RT makes the kernel more preemptive than mainline Linux.

Version 110.0 of the Firefox browser has been released. Significant new features include the ability to import bookmarks from the Opera and Vivaldi browsers and GPU sandboxing on Windows systems.

Security updates have been issued by Debian (gnutls28 and haproxy), Fedora (syslog-ng), Mageia (apr-util, chromium-browser-stable, editorconfig-core-c, ffmpeg, libzen, phpmyadmin, tpm2-tss, and webkit2), Oracle (kernel and kernel-container), Slackware (mozilla and php), SUSE (git, haproxy, kernel, nodejs18, phpMyAdmin, and timescaledb), and Ubuntu (APR-util, git, and haproxy).

Az OX Security februárban bejelentette az Open Software Supply Chain Attack Reference (OSC&R), az első és egyetlen nyílt keretrendszer bevezetését, amely a teljes ellátási lánc biztonságát veszélyeztető fenyegetések értékelésére és megértésére szolgál. A kezdeményezéshez többek között csatlakozott a Microsoft, a Google, a GitLab, a Check Point, az OWASP-, és a Fortinet jelenlegi és korábbi kiberbiztonsági vezetője is. […]

The post Kiberbiztonsági keretrendszer jelent meg az ellátási láncokból eredő kockázatokhoz first appeared on Nemzeti Kibervédelmi Intézet.

Many people, when they are installing a Linux distribution for a single purpose such as running containers, would prefer an install-and-forget type of deployment. At FOSDEM 2023 in Brussels, several projects of this minimal Linux distribution type were presented. Fedora CoreOS, Ubuntu Core, openSUSE MicroOS, and Bottlerocket OS all tackle this problem in their own way. The talks at FOSDEM gave an interesting overview of how these projects differ in their approaches.

The 6.1.12 and 5.15.94 stable kernel updates have been released, each with the usual set of important fixes. There is also a 5.10.168 release in the works, but it ran into some snags in the review process; it can be expected shortly.

Another set of updates, containing the mitigations for the just-disclosed cross-thread return-address prediction vulnerability (yet another Spectre variant that affects AMD processors), can be expected soon.

Security updates have been issued by Debian (imagemagick), Fedora (xml-security-c), Red Hat (grub2), SUSE (chromium, freerdp, libbpf, and python-setuptools), and Ubuntu (fig2dev and python-django).

Az Ausztrál Védelmi Minisztérium a múlt héten bejelentette, hogy a kormányzati épületekben országszerte le fogják cserélni a kínai Hikvision és Dahua cégek által gyártott biztonsági kamerákat. Az indoklás szerint a gyártók túlságosan szoros kapcsolatban állnak a kínai állammal, ezért elővigyázatosságól eltávolítják az eszközöket.

The post Ausztrália is száműzi a kínai biztonsági kamerákat a kormányzati épületekből first appeared on Nemzeti Kibervédelmi Intézet.

Informatikai támadás érte a Pepsi Bottling Ventures LLC-t, az Egyesült Államok legnagyobb Pepsi italok palackozó üzemét, amely során az elkövetők bizalmas adatokhoz szereztek hozzáférést egy információlopó kártevő segítségével. A Pepsi Bottling Ventures LLC felelős a Pepsi italok gyártásáért, értékesítéséért és forgalmazásáért. Összesen 18 palackozó üzemet működtetnek Észak-és Dél-Karolinában, Virginiában, Marylandben és Daleware-ben. A Montana állam […]

The post Adatszivárgás történt a Pepsinél first appeared on Nemzeti Kibervédelmi Intézet.

Az Apple zero-day sérülékenységet javított az iOS 16.3.1-es, az iPadOS 16.3.1-es és a macOS Ventura 13.2.1-es verzióiban. Javasolt a frissítések mielőbbi telepítése.

The post Vészhelyzeti frissítés érkezett az Apple eszközökhöz egy zero day sérülékenység miatt first appeared on Nemzeti Kibervédelmi Intézet.

Following a wide-ranging thread on misc@ with the subject Safely remove USB drive, Crystal Kolipe wrote an article about how OpenBSD handles removable media, centered around the eject(1) command, also known as mt(1).

The article leads in,

Does issuing an eject command to a USB flash drive make it spontaneously fly across the room?

Follow the link to Using /bin/eject with USB flash drives to read the whole thing.

Rob Turner writes in about a practical guide to running vxlan(4) over a WireGuard (wg(4)) connection.

Rob writes,

I struggled to find much more info than Reyk’s talk (https://www.youtube.com/watch?v=ufeEP_hzFN0) and the man pages so thought it would be useful to document.

So Rob wrote up an article which you can read here: VXLAN over WireGuard.