LWN.net's Journal
 

Friday, December 19th, 2014

    Time Event
    3:14p
    Friday's security advisories

    CentOS has updated glibc (C7: code execution), jasper (C7; C6: three code execution flaws), and kernel (C7: privilege escalation).

    Gentoo has updated znc (two denial of service flaws, one from 2013).

    Oracle has updated glibc (OL7: three vulnerabilities), jasper (OL7; OL6: three code execution flaws), and kernel (OL7; OL5; OL5: privilege escalation).

    Red Hat has updated glibc (RHEL7: code execution) and jasper (RHEL6&7: three code execution flaws).

    Scientific Linux has updated jasper (SL6&7: three code execution flaws).

    Ubuntu has updated kernel (14.04: regression in previous security fix) and kernel (14.10: regression in previous security fix).

    8:35p
    EU to fund Free Software code review (FSFE)
    The Free Software Foundation Europe (FSFE) has commented on the most recent European Union (EU) budget—approved on December 17—that includes €1 million for auditing free-software programs that are used by the EU governmental bodies. The auditing is meant to find and fix security holes in those programs. "Even though these institutions are tightly locked into non-free file formats, much of their infrastructure is based on Free Software.

    'This is a very welcome decision,' says FSFE's president Karsten Gerloff. 'Like most public bodies, the European institutions rely heavily on Free Software for their daily operations. It is good to see that the Parliament and the Commission will invest at least a little in improving the quality and the programs they use.'"
    9:15p
    Tagged memory and minion cores in the lowRISC SoC
    The lowRISC project, which aims to create and manufacture a fully open-source system-on-chip (SoC) and development board, has released a document on its plans to incorporate tagged memory and minion cores into the SoC. Minion cores are separate I/O processors that can be used to implement various I/O protocols without requiring additional hardware in the design.
    "Tagged memory associates metadata with each memory location and can be used to implement fine-grained memory access restrictions. Attacks which hijack control flow can be prevented by using this protection to restrict writes to memory locations containing return addresses, function pointers, and vtable pointers. Importantly, we anticipate this can be implemented with a worst-case performance overhead of a few percent and a similarly low area cost. This fine-grained memory protection can be used automatically by the compiler, meaning improved security is available to existing programs without source code modifications. We intend to provide tagged memory alongside security features which are already commonly deployed such as secure boot, encrypted off-chip memory, and cryptographic accelerators."
