LWN.net's Journal
 

Tuesday, June 17th, 2014

    Time Event
    4:19p
    Tuesday's security updates

    CentOS has updated kernel (Xen4CentOS: multiple vulnerabilities) and xen (Xen4CentOS: multiple vulnerabilities).

    Debian has updated icedove (multiple vulnerabilities), openssl (multiple vulnerabilities), and php5 (code execution).

    Fedora has updated kernel (F19: multiple vulnerabilities).

    Gentoo has updated adobe-flash (multiple vulnerabilities) and cups-filters (multiple vulnerabilities).

    openSUSE has updated sendmail (11.4; 12.3, 13.1: denial of service).

    SUSE has updated GnuTLS (SUSE CORE 9: multiple vulnerabilities).

    Ubuntu has updated libxml2 (regression in upstream update).

    7:13p
    Android Root Access Vulnerability Affecting Most Devices (Threatpost)
    Threatpost reports that most Android devices are vulnerable to a privilege escalation flaw
    in the kernel. "Researchers at Lacoon Mobile Security are calling the bug “TowelRoot,” because it is the very same vulnerability (CVE-2014-3153) exploited in the latest Android rooting tool developed by George Hotz (Geohot). Successful exploitation of the Linux bug within the Android operating system would give the attacker administrative access to a victim’s phone. Specifically, such access could potentially allow that same attacker to run further malicious code, retrieve files and device data, bypass third-party or enterprise security applications including containers like Samsung’s secure Knox sub-operating system, and establish backdoors for future access on victim devices."
    8:00p
    LibreOffice bug hunting event
    The Document Foundation (TDF) has announced a LibreOffice 4.3 bug hunting
    session on June 20-22. "The community has already made a large
    collective effort to make LibreOffice 4.3 the best ever, based on automated
    stress tests and structured tests by Quality Assurance volunteers.
    Enterprise and individual LibreOffice users can now contribute to the
    quality of the best free office suite ever by testing the release candidate
    to identify issues in their preferred user scenario." See the wiki page for more information about the hunt.
    9:57p
    Poettering: Factory Reset, Stateless Systems, Reproducible Systems & Verifiable Systems
    On his blog, Lennart Poettering writes about new systemd features that will make it easier to "factory reset" systems back to their initial configuration. By handling /etc and /var differently, it will also support other use cases, such as "stateless" systems that store no persistent configuration, as well as "reproducible" and "verifiable" systems. "Booting up a system without a populated /var is relatively straight-forward. With a few lines of tmpfiles configuration it is possible to populate /var with its basic structure in a way that is sufficient to make a system boot cleanly. systemd version 214 and newer ship with support for this. Of course, support for this scheme in systemd is only a small part of the solution. While a lot of software reconstructs the directory hierarchy it needs in /var automatically, many software does not. In case like this it is necessary to ship a couple of additional tmpfiles lines that setup up at boot-time the necessary files or directories in /var to make the software operate, similar to what RPM or DEB packages would set up at installation time.

    Booting up a system without a populated /etc is a more difficult task. In /etc we have a lot of configuration bits that are essential for the system to operate, for example and most importantly system user and group information in /etc/passwd and /etc/group. If the system boots up without /etc there must be a way to replicate the minimal information necessary in it, so that the system manages to boot up fully."
