LWN.net's Journal
 

Tuesday, March 10th, 2015

    5:19p
    Tuesday's security updates

    Mandriva has updated kernel (multiple vulnerabilities).

    Oracle has updated 389-ds-base (OL7: multiple vulnerabilities), glibc (OL7: multiple vulnerabilities), hivex (OL7: privilege escalation), openssh (OL7: two vulnerabilities), and pcre (OL7: information leak).

    Red Hat has updated qpid-cpp (RHE MRG for RHEL7; RHE MRG for RHEL6; RHE MRG for RHEL5: multiple vulnerabilities).

    Scientific Linux has updated 389-ds-base (SL6: information disclosure).

    Ubuntu has updated apache2 (multiple vulnerabilities), oxide-qt (14.10, 14.04: multiple vulnerabilities), and firefox (14.10, 14.04, 12.04: regression in previous update).

    7:12p
    Fedora 22 Alpha released
    The Fedora Project has announced the release of Fedora 22 Alpha.
    "The Alpha release contains all the exciting features of Fedora 22's
    editions in a form that anyone can help test. This testing, guided by
    the Fedora QA team, helps us target and identify bugs. When these bugs
    are fixed, we make a Beta release available. A Beta release is
    code-complete and bears a very strong resemblance to the third and
    final release. The final release of Fedora 22 is expected in May."
    8:04p
    VMware update to GPL-enforcement suit
    VMware has published a statement on the lawsuit filed by Christoph Hellwig alleging copyright infringement. "On March 5, 2015, Software Freedom Conservancy (SFC) announced a lawsuit in Germany, filed by Christoph Hellwig against VMware, alleging a failure to comply with the General Public License (GPL). We believe the lawsuit is without merit, and we are disappointed that the SFC and plaintiff have resorted to litigation given the considerable efforts we have made to understand and address their concerns.

    We see huge value in supporting multiple development methodologies, including free and open source software, and we appreciate the crucial role of free and open source software in the data center. In particular, VMware devotes significant effort supporting customer usage of Linux and F/OSS based software stacks and workloads."
    LWN recently covered the lawsuit. (Thanks to Emmanuel Seyman)
    9:21p
    Exploiting the DRAM rowhammer bug to gain kernel privileges
    The Project Zero blog looks at the "Rowhammer" bug. "“Rowhammer” is a problem with some
    recent DRAM devices in which repeatedly accessing a row of memory can cause
    bit flips in adjacent rows. We tested a selection of laptops and found that
    a subset of them exhibited the problem. We built two working privilege
    escalation exploits that use this effect. One exploit uses
    rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when
    run as an unprivileged userland process. When run on a machine vulnerable
    to the rowhammer problem, the process was able to induce bit flips in page
    table entries (PTEs). It was able to use this to gain write access to its
    own page table, and hence gain read-write access to all of physical
    memory." (Thanks to Paul Wise)
