News aggregator

Security updates for Tuesday

2 years 9 months ago
Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).
corbet

Security updates for Monday

2 years 9 months ago
Security updates have been issued by Debian (graphicsmagick and krb5), Fedora (dotnet6.0, js-jquery-ui, kubernetes, and xterm), Gentoo (php and postgresql), Mageia (php-pear-CAS, sysstat, varnish, vim, and x11-server), Red Hat (thunderbird), SUSE (389-ds, binutils, dpkg, firefox, frr, grub2, java-11-openjdk, java-17-openjdk, kernel, kubevirt stack, libpano, nodejs16, openjpeg, php7, php74, pixman, python-Twisted, python39, rubygem-loofah, sccache, sudo, thunderbird, tor, and tumbler), and Ubuntu (flac, git, linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4, linux-gcp, linux-gcp-4.15, and linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi).
jake

Kernel prepatch 6.1-rc6

2 years 9 months ago
The 6.1-rc6 kernel prepatch is out for testing.

I'm still waffling about whether there will be an rc8 or not, leaning a bit towards it happening. We'll see - it will make the 6.2 merge window leak into the holidays, but maybe that's fine and just makes people make sure they have everything lined up and ready *before* the merge window opens, the way things _should_ work.

corbet

Next steps toward mimmutable, from deraadt@

2 years 9 months ago
In a recent message to the tech mailing list, Theo de Raadt (deraadt@) summarized the state of the new memory protections work. The thread also includes a followup from Otto Moerbeek (otto@) on consequent changes to the memory allocation mechanisms.

Theo writes,

From: "Theo de Raadt" <deraadt () openbsd ! org>
Date: Fri, 18 Nov 2022 03:10:05 +0000
To: openbsd-tech
Subject: More on mimmutable [LONG]

I am getting close to having the big final step of mimmutable in the tree. Here's a refresher on how it works, what's already done, and the next bit to land.

DESCRIPTION

The mimmutable() system call changes currently mapped pages in the region to be marked immutable, which means their protection or mapping may not be changed in the future. mmap(2), mprotect(2), and munmap(2) to pages marked immutable will return with error EPERM.

Call for testing on updated Apple M1/M2 bootloader code

2 years 9 months ago
Tobias Heider (tobhe@) posted to tech@ asking people with access to the relevant hardware to test updates to the arm64 bootloader code:

From: Tobias Heider <tobhe () openbsd ! org>
Date: Fri, 18 Nov 2022 16:57:12 +0000
To: openbsd-tech
Subject: Help testing Apple M1/M2 bootloader update

Hi all,

we are working on automated bootloader and device-tree updates for Apple Silicon machines. This is necessary because both drivers and device trees are moving targets and without a way to update both we end up in situations where drivers suddenly stop working.

[$] Averting excessive oopses

2 years 9 months ago
Even a single kernel oops is never a good thing; it is an indication that something has gone badly wrong in the system somewhere and a straightforward recovery is not possible. But it seems that oopsing a large number of times has the potential to be even worse. To head off problems that might result from repeated oopsing, there is currently work afoot to put an upper limit on the number of times that the kernel can be allowed to oops before just giving up and rebooting.
corbet

Review: GIMP 2.99.14 (Libre Arts)

2 years 9 months ago
Libre Arts looks at the GIMP as the 3.0 release approaches.

Releases like this are too rare to disregard and thus all the more to treasure. In one swift motion the team is doing away with floating selections and bringing strokes/outlines for text. But this has been a bumpy road

corbet

Open source community split over offer of 'corporate' welfare for critical dev tools (Register)

2 years 9 months ago
The Register looks at the discussion around the GNU Tools Infrastructure proposal.

Sourceware, a volunteer group that has been supporting various critical FOSS developer tools for more than two decades, is being courted by The Linux Foundation's Open Source Security Foundation (OpenSSF). The OpenSSF aims to improve open source software security by providing Sourceware projects with more modern IT infrastructure.

But some members of the Sourceware community fear that accepting the help of the OpenSSF would give the corporate Linux world more leverage over FOSS developer tools. They would prefer to seek support from the Software Freedom Conservancy, a charitable non-profit that they believe is better aligned with software freedom.

LWN covered this discussion back in September.

corbet

Security updates for Friday

2 years 9 months ago
Security updates have been issued by Debian (asterisk, firefox-esr, php-phpseclib, phpseclib, python-django, and thunderbird), Fedora (grub2, samba, and thunderbird), Mageia (firefox, sudo, systemd, and thunderbird), Slackware (freerdp), SUSE (firefox, go1.18, go1.19, kernel, openvswitch, python-Twisted, systemd, and xen), and Ubuntu (expat, git, multipath-tools, unbound, and webkit2gtk).
jake

[$] Rust in the 6.2 kernel

2 years 9 months ago
The merge window for the 6.1 release brought in basic support for writing kernel code in Rust — with an emphasis on "basic". It is possible to create a "hello world" module for 6.1, but not much can be done beyond that. There is, however, a lot more Rust code for the kernel out there; it's just waiting for its turn to be reviewed and merged into the mainline. Miguel Ojeda has now posted the next round of Rust patches, adding to the support infrastructure in the kernel.
corbet

Security updates for Thursday

2 years 9 months ago
Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (expat, xen, and xorg-x11-server), Oracle (kernel, kernel-container, qemu, xorg-x11-server, and zlib), Scientific Linux (xorg-x11-server), Slackware (firefox, krb5, samba, and thunderbird), SUSE (ant, apache2-mod_wsgi, jsoup, rubygem-nokogiri, samba, and tomcat), and Ubuntu (firefox and linux, linux-aws, linux-aws-hwe, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).
jake

[$] Networking and high-frequency trading

2 years 9 months ago
The high-frequency-trading (HFT) industry is rather tight-lipped about what it does and how it does it, but PJ Waskiewicz of Jump Trading came to the Netdev 0x16 conference to try to demystify some of that, especially with respect to its use of networking. He wanted to contrast the needs of HFT with those of the traditional networking as it is used outside of the HFT space. He also has some thoughts on what the Linux kernel could do to help address those needs so that HFT companies could move away from some of the custom code that is currently being developed and maintained by multiple firms in the industry.
jake

Meta's Sapling source-code management system

2 years 9 months ago
Meta has announced the open-source release of part of its internal source-code management system, called Sapling.

Sapling began 10 years ago as an initiative to make our monorepo scale in the face of tremendous growth. Public source control systems were not, and still are not, capable of handling repositories of this size. Breaking up the repository was also out of the question, as it would mean losing monorepo’s benefits, such as simplified dependency management and the ability to make broad changes quickly. Instead, we decided to go all in and make our source control system scale.

Starting as an extension to the Mercurial open source project, it rapidly grew into a system of its own with new storage formats, wire protocols, algorithms, and behaviors. Our ambitions grew along with it, and we began thinking about how we could improve not only the scale but also the actual experience of using source control.

At this point, only the client side of the system has been released; the company "hopes to" release the rest later.

corbet

Security updates for Wednesday

2 years 9 months ago
Security updates have been issued by Debian (grub2, nginx, and wordpress), Red Hat (389-ds-base, bind, buildah, curl, device-mapper-multipath, dnsmasq, dotnet7.0, dpdk, e2fsprogs, grafana-pcp, harfbuzz, ignition, Image Builder, kernel, keylime, libguestfs, libldb, libtiff, libvirt, logrotate, mingw-zlib, mutt, openjpeg2, podman, poppler, python-lxml, qt5, rsync, runc, samba, skopeo, toolbox, unbound, virt-v2v, wavpack, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), SUSE (389-ds, bluez, dhcp, freerdp, jackson-databind, kernel, LibVNCServer, libX11, nodejs12, nodejs16, php7, php8, python-Mako, python-Twisted, python310, sudo, systemd, and xen), and Ubuntu (mako).
corbet

A vulnerability allows Aiphone intercoms to be hacked

2 years 9 months ago

The Norwegian security firm Promon has disclosed the vulnerability tracked as CVE-2022-40903, whose exploitation allows attackers to gain access to door codes and thus get into buildings.

The post "A vulnerability allows Aiphone intercoms to be hacked" first appeared on Nemzeti Kibervédelmi Intézet.

NKI

[$] Scaling the KVM community

2 years 9 months ago
The scalability of Linus Torvalds was a recurring theme during Linux's early years; these days maintainer struggles are a recognized problem within open-source communities in general. It is thus not surprising that Sean Christopherson gave a talk at Open Source Summit Europe (and KVM Forum) with the title "Scaling KVM and its community". The talk mostly focused on KVM for the x86 architecture—the largest and most mature KVM architecture—which Christopherson co-maintains. But it was not a technical talk: most of the content can be applied to other KVM architectures, or even other Linux subsystems, so that they can avoid making the same kinds of mistakes.
jake