[Most Recent Entries] [Calendar View]
Wednesday, December 11th, 2013
| Time | Event |
| 2:28p | Cook: live patching the kernel Over on his blog, kernel security developer Kees Cook has a description of live patching the kernel to disable the kexec system call in older kernels. The idea is to be able to turn off kexec without rebuilding the older kernels (future kernels may be able to use the proposed /proc/sys/kernel/kexec_disabled). He examines several possible routes (ksplice, systemtap) before deciding on a more direct approach. "So, finally, I decided to just do it by hand, and wrote a friendly kernel rootkit. Instead of dealing with flipping page table permissions on the normally-unwritable kernel code memory, I borrowed from PaX’s KERNEXEC feature, and just turn off write protect checking on the CPU briefly to make the changes." |
| 7:26p | Security advisories for Wednesday CentOS has updated xen (Xen4CentOS: multiple vulnerabilities), php53 (C6; C5: code execution), php (C5: multiple vulnerabilities), and firefox (C5: multiple vulnerabilities). Fedora has updated subversion (F19; F18: two vulnerabilities), maradns (F19; F18: blind spoofing attack), nspr (F19: unsigned integer wrapping), and ruby (F18: code execution). Oracle has updated php53 (OL6; OL5: code execution) and php (OL5: multiple vulnerabilities). Red Hat has updated firefox (RHEL5&6: multiple vulnerabilities), php53 (RHEL5&6: code execution), php (RHEL5: multiple vulnerabilities), and flash-plugin (multiple vulnerabilities). Scientific Linux has updated php53 (SL5&6: code execution), php (SL5: multiple vulnerabilities), and firefox (SL5: multiple vulnerabilities). Ubuntu has updated firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and samba (multiple vulnerabilities). |
| 8:18p | The Launch of AllSeen Alliance (and the Next Generation of Open Collaboration) (The Standards Blog) Andy Updegrove looks at the Linux Foundation's collaborative project, the AllSeen Alliance. "So now let’s look at what it takes to make an Internet of Things possible, comprising the wares and services of many different vendors, and types of vendors. It represents roughly the same goal – to create another type of local area network – but this time, there’s no router. Each thing is its own router, and for every other neighboring thing as well, passing along messages from device to device, and perhaps eventually back out to the Internet. That requires more than just a single interoperable communication standard, and more than just devices that can send and receive signals. It also requires all sorts of different types of companies, and not just laptop vendors, to make the investment and take the risk to enable their respective products." |
| 9:32p | [$] A look at CyanogenMod 11M1 ![[LED color tweaker]](http://lwn.net/images/2013/cm11/cm-ledcolor-s.png)
It has been a year since our last look at
a CyanogenMod release. So when the project announced
the availability CyanogenMod 11M1 — the first of the CM 11.0 experimental
builds — your editor
did not hesitate to dedicate a handset to the cause. After all, what could
possibly go wrong? It turns out that a few things could, but CM11 appears
to be on track to be another solid release regardless.
|
| << Previous Day |
2013/12/11 [Calendar] |
Next Day >> |