LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Monday, October 6th, 2014

    Time Event
    12:10a
    The 3.17 kernel is out
    Linus has released the 3.17 kernel, saying "So the past week was fairly calm, and so I have no qualms about releasing 3.17 on the normal schedule." This kernel includes four new system calls (getrandom(), seccomp(), memfd_create(), and kexec_file_load()), a bunch of internal work toward an eventual solution to the "year 2038" problem, multiqueue support in the SCSI layer, and much more.

    Linus indicates that, due to travel, the 3.18 merge window may be longer than usual, but things have not always worked out that way in the past.

    4:38p
    Security advisories for Monday

    CentOS has updated libvirt (C7: two vulnerabilities).

    Debian has updated exuberant-ctags (denial of service), mediawiki (code execution), qemu (multiple vulnerabilities), and qemu-kvm (multiple vulnerabilities).

    Fedora has updated bash (F20: code injection), libvncserver (F19: multiple vulnerabilities), mediawiki (F20; F19: web script injection), nodejs-qs (F20; F19: denial of service), nodejs-send (F20; F19: directory traversal), phpMyAdmin (F20: cross-site scripting), and suricata (F20: denial of service).

    Gentoo has updated bash (multiple vulnerabilities).

    4:45p
    Stable kernel updates
    Greg KH has released stable kernels 3.16.4,
    3.14.20, and 3.10.56. All of them contain important
    fixes throughout the tree.
    8:16p
    The Unpatchable Malware That Infects USBs Is Now on the Loose (Wired)
    The BadUSB attack was demonstrated at the Black Hat security conference,
    but the code was not released at that time. Wired reports
    that two security researchers have released some code. "In a talk at
    the Derbycon hacker conference in Louisville, Kentucky last week,
    researchers Adam Caudill and Brandon Wilson showed that they’ve reverse
    engineered the same USB firmware as [Karsten] Nohl’s SR Labs, reproducing
    some of Nohl’s BadUSB tricks. And unlike Nohl, the hacker pair has also
    published the code for
    those attacks on Github    , raising the stakes for USB makers to either
    fix the problem or leave hundreds of millions of users vulnerable.    "
    LWN covered BadUSB last August. (Thanks to
    Paul Wise)

    << Previous Day 2014/10/06
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org