LWN.net's Journal

Tuesday, March 4th, 2014

    2:32p
    Red Hat's dynamic kernel patching project
    It seems that Red Hat, too, has a project working on patching running kernels. "kpatch allows you to patch a Linux kernel without rebooting or restarting any processes. This enables sysadmins to apply critical security patches to the kernel immediately, without having to wait for long-running tasks to complete, users to log off, or scheduled reboot windows. It gives more control over uptime without sacrificing security or stability." It looks closer to ksplice than to SUSE's kGraft in that it patches out entire functions at a time.
    5:28p
    Tuesday's security advisories

    Debian has updated gnutls26 (certificate verification issue).

    Fedora has updated easy-rsa (F20; F19: weak keys), file (F19: denial of service), and python-tahrir (F20; F19: insecure openid login).

    Mageia has updated egroupware (remote code execution), gnutls (certificate verification issue), python-logilab-common (multiple unspecified temporary file vulnerabilities), and qt5 (denial of service).

    Oracle has updated gnutls (OL6; OL5: multiple vulnerabilities).

    Red Hat has updated activemq (multiple vulnerabilities) and gnutls (RHEL6; RHEL5: certificate verification issue).

    Scientific Linux has updated gnutls (SL6; SL5: certificate verification issue).

    Slackware has updated gnutls (certificate verification issue).

    SUSE has updated gnutls (SLE11 SP3; SLES10 SP3 LTSS; SLES10 SP4 LTSS; SLES11 SP1 LTSS; SLES11 SP2 LTSS: certificate verification issues).

    Ubuntu has updated gnutls26 (certificate verification issue), php5 (multiple vulnerabilities), and python2.6, python2.7, python3.2, python3.3 (code execution).

    8:30p
    SUSE Labs Director Talks Live Kernel Patching with kGraft (Linux.com)
    Libby Clark talks with Vojtech Pavlik, Director of SUSE Labs, about kGraft. "In this Q&A, Pavlik goes into more detail on SUSE's live kernel patching project; how the kGraft patch integrates with the Linux kernel; how it compares with other live-patching solutions; how developers will be able to use the upcoming release; and the project's interaction with the kernel community for upstream acceptance."
    10:50p
    Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping (ars technica)
    According to this ars technica article, the GnuTLS library has a certificate validation vulnerability that looks awfully similar to the recently patched Apple hole. "This time, instead of a single misplaced 'goto fail' command, the mistakes involve errors with several 'goto cleanup' calls. The GnuTLS program, in turn, prematurely terminates code sections that are supposed to establish secure TLS connections only after the other side presents a valid X509 certificate signed by a trusted source. Attackers can exploit the error by presenting vulnerable systems with a fraudulent certificate that is never rejected, despite its failure to pass routine security checks."
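    As an added illustration of the bug class the article describes (this is constructed example code, not GnuTLS's source and not from the ars technica piece): a function that is supposed to answer "is this a CA?" with 1 or 0 jumps to a shared cleanup label on error while its result variable still holds a negative error code, and a caller that only tests for nonzero reads that error as "yes". The function names, the toy certificate structure and the error code are assumptions; the hardened version maps every failure to an explicit 0 before the jump.

```c
#include <stdio.h>

/* Constructed model of the "goto cleanup" error-path bug class described
 * above. This is NOT GnuTLS's code; the structure, function names and the
 * error code are assumptions made for illustration. */

#define ERR_BAD_ENCODING (-15)  /* hypothetical negative error code */

/* Toy stand-in for a certificate: one byte of "encoding" plus a CA flag. */
struct cert {
    unsigned char magic;  /* 0x30 means well-formed in this toy model */
    int ca_flag;          /* 1 if the certificate claims to be a CA */
};

/* Toy parser: returns 0 on success, a negative code on malformed input. */
static int get_signed_data(const struct cert *c, int *ca_out)
{
    if (c->magic != 0x30)
        return ERR_BAD_ENCODING;
    *ca_out = c->ca_flag;
    return 0;
}

/* Vulnerable shape: documented to answer 1 (is a CA) or 0 (is not), but
 * the error path jumps to the shared cleanup label while `result` still
 * holds the raw negative error code, so that code escapes to the caller. */
int check_if_ca_vulnerable(const struct cert *c)
{
    int result;
    int ca = 0;

    result = get_signed_data(c, &ca);
    if (result < 0)
        goto cleanup;     /* result == -15 here: neither 0 nor 1 */

    result = ca ? 1 : 0;

cleanup:
    return result;
}

/* Hardened shape: every failure is mapped to an explicit "not a CA" (0)
 * before the jump, so only 0 or 1 can ever be returned. */
int check_if_ca_fixed(const struct cert *c)
{
    int result;
    int ca = 0;

    if (get_signed_data(c, &ca) < 0) {
        result = 0;       /* any error counts as "not a CA" */
        goto cleanup;
    }
    result = ca ? 1 : 0;

cleanup:
    return result;
}

/* Caller that treats any nonzero answer as "trusted CA"; returns 1 if the
 * issuer would be accepted, 0 if rejected. With the vulnerable checker a
 * malformed issuer passes, because -15 != 0. */
int issuer_accepted(const struct cert *issuer,
                    int (*check_if_ca)(const struct cert *))
{
    return check_if_ca(issuer) != 0 ? 1 : 0;
}

/* Constructed sample inputs. */
const struct cert MALFORMED_CERT = { 0xFF, 0 };  /* parser rejects this */
const struct cert LEAF_CERT      = { 0x30, 0 };  /* well-formed, not a CA */
const struct cert CA_CERT        = { 0x30, 1 };  /* well-formed CA */

int main(void)
{
    printf("malformed issuer, vulnerable checker: %s\n",
           issuer_accepted(&MALFORMED_CERT, check_if_ca_vulnerable)
               ? "ACCEPTED" : "rejected");
    printf("malformed issuer, fixed checker:      %s\n",
           issuer_accepted(&MALFORMED_CERT, check_if_ca_fixed)
               ? "ACCEPTED" : "rejected");
    return 0;
}
```

    The defensive takeaway is that a function with a boolean contract must never share its return variable with an error code from a callee: normalise to 0/1 at every exit, and have callers compare against the documented success value rather than against "nonzero". The same mistake is easy to miss in review because each `goto cleanup` looks like a correct early exit on its own.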
