LWN.net's Journal
 

Wednesday, December 4th, 2013

    Time Event
    2:44p
    Garrett: Subverting security with kexec
    Matthew Garrett demonstrates how to use the kexec() system call to change parameters in a running kernel. "The beauty of this approach is that it doesn't rely on any kernel bugs - it's using kernel functionality that was explicitly designed to let you do this kind of thing (ie, run arbitrary code in ring 0). There's not really any way to fix it beyond adding a new system call that has rather tighter restrictions on the binaries that can be loaded. If you're using signed modules but still permit kexec, you're not really adding any additional security."
    5:27p
    Security advisories for Wednesday

    CentOS has updated gimp (C6; C5: code execution) and mod_nss (C6; C5: access with invalid client certificate).

    Fedora has updated monitorix (F18: unspecified vulnerability), python-keyring (F19: weak cryptography), and ruby (F19: code execution).

    Oracle has updated gimp (OL6; OL5: code execution) and mod_nss (OL5; OL6: access with invalid client certificate).

    Red Hat has updated gimp (RHEL5&6: code execution) and mod_nss (RHEL5&6: access with invalid client certificate).

    Scientific Linux has updated 389-ds-base (SL6: denial of service), augeas (SL6: file overwrite and information leak), glibc (SL6: multiple vulnerabilities), libguestfs (SL6: insecure temporary directory), luci (SL6: two vulnerabilities), openssh (SL6: denial of service), pacemaker (SL6: denial of service), php (SL6: multiple vulnerabilities), python (SL6: man in the middle attack), ruby (SL6: code execution), samba (SL6: multiple vulnerabilities), and samba4 (SL6: denial of service).

    Ubuntu has updated EC2 kernel (10.04 LTS: multiple vulnerabilities), kernel (10.04 LTS; 12.04 LTS; 12.10; 13.04: multiple vulnerabilities), linux-lts-quantal (12.04 LTS: multiple vulnerabilities), linux-lts-raring (12.04 LTS: multiple vulnerabilities), linux-lts-saucy (12.04 LTS: multiple vulnerabilities), linux-ti-omap4 (12.04 LTS; 12.10; 13.04: multiple vulnerabilities), and pixman (denial of service).

    6:13p
    [$] Deadline scheduling: coming soon?
    Deadline scheduling was first covered here in 2009. Like much of the code in the realtime tree, though, deadline scheduling appears not to be subject to deadlines when it comes to being merged into the mainline. That said, it seems entirely possible that this longstanding project will land in a stable kernel release fairly soon, so a look at the status of this patch set, and the proposed ABI in particular, seems in order.

    Click below (subscribers only) for the full article from this week's Kernel Page.

    8:07p
    Stable kernel updates
    Greg KH has released stable kernels 3.12.3, 3.10.22, and 3.4.72. All contain the usual set of important fixes.
