LWN.net's Journal
 

Thursday, March 19th, 2015

    Time Event
    1:05a
    [$] LWN.net Weekly Edition for March 19, 2015
    The LWN.net Weekly Edition for March 19, 2015 is available.
    1:58p
    Fedora seeks a diversity advisor
    The Fedora project is looking for somebody to become its diversity
    advisor. "The Fedora Diversity Advisor will lead initiatives to assess and
    promote equality and inclusion within the Fedora contributor and user
    communities, and will develop project strategy on diversity issues. The
    Diversity Advisor will also be the point of contact for Fedora’s
    participation in third-party outreach programs and events." You
    have to get to the bottom of the announcement to read that this is a
    volunteer position, though they hope to change that someday.
    3:28p
    Security updates for Thursday

    OpenSSL has released updates today, with two vulnerabilities of "High" severity, as described in its advisory. One of the High vulnerabilities is a reclassification of the FREAK vulnerability due to the prevalence of servers with RSA export ciphers available; the other is a denial of service in OpenSSL 1.0.2.

    CentOS has updated freetype (C6: multiple vulnerabilities) and unzip (C6: multiple vulnerabilities).

    Debian has updated file (denial of service).

    Debian-LTS has updated mono (three SSL/TLS vulnerabilities).

    Gentoo has updated python (multiple vulnerabilities, two from 2013).

    Mageia has updated moodle (multiple vulnerabilities).

    openSUSE has updated gdm (13.2: screen lock bypass), glusterfs (13.2: denial of service), and libssh2_org (13.2, 13.1: information leak).

    Oracle has updated unzip (OL7; OL6: multiple vulnerabilities).

    Red Hat has updated postgresql92-postgresql (RHSC1: multiple vulnerabilities) and unzip (RHEL6&7: multiple vulnerabilities).

    SUSE has updated kernel (SLE12: multiple vulnerabilities).

    6:11p
    Docker security in the future (Opensource.com)
    Over at Opensource.com, Daniel Walsh writes about applying various Linux security technologies to Docker containers. In the article, he looks at using user namespaces and seccomp filters to provide better security for Docker. "One of the problems with all of the container separation modes described here and elsewhere is that they all rely on the kernel for separation. Unlike air gapped computers, or even virtual machines, the processes within the container can talk directly to the host kernel. If the host kernel has a kernel vulnerability that a container can access, they might be able to disable all of the security and break out of the container.

    The x86_64 Linux kernel has over 600 system calls, a bug in any one of which could lead to a privilege escalation. Some of the system calls are seldom called, and should be eliminated from access within the container."
