LWN.net's Journal
 

Tuesday, December 22nd, 2015

    Time Event
    12:00a
    Android on the desktop: Not really “good,” but better than you’d think (Ars Technica)
    Ars Technica reports that Google has plans to bring Android to desktops and laptops. "We've Frankensteined together a little Android desktop setup using a Nexus 9 and a USB keyboard and mouse to see just how easy—or complicated—it was to use what is still formally a "mobile" operating system in a desktop context today, right now, without complicated changes or reconfigurations. It worked, but Android still has a ways to go before it can be called a real desktop operating system—quite a ways, in some cases.

    The biggest affordance Android makes for a desktop OS is that it supports a keyboard and mouse. Any Android device can pair with a Bluetooth mouse and keyboard, and if you want to go the wired route, just about any phone can plug in a mouse and keyboard via a USB OTG cable and a USB hub. Some OEMs even build Android devices with a keyboard and mouse, like the Asus Transformer series, which is a convertible laptop that runs Android."
    1:29p
    Green: On the Juniper backdoor
    Here's an interesting article from cryptographer Matthew Green on how the Juniper backdoor is the least interesting part of this whole episode. "Thus Dual EC is safe only if you assume no tiny bug in the code could accidentally leak out 30 bytes or so of raw Dual EC output. If it did, this would make all subsequent seeding calls predictable, and thus render all numbers generated by the system predictable. In general, this would spell doom for the confidentiality of VPN connections. And unbelievably, amazingly, who coulda thunk it, it appears that such a bug does exist in many versions of ScreenOS, dating to both before and after the 'unauthorized code' noted by Juniper."
    6:50p
    Security updates for Tuesday

    Debian has updated foomatic-filters (command execution).

    Fedora has updated bind (F22: two vulnerabilities), bind-dyndb-ldap (F22: two vulnerabilities), dnsperf (F22: two vulnerabilities), firefox (F22: multiple vulnerabilities), jenkins (F22: multiple vulnerabilities), and kernel (F22: multiple vulnerabilities).

    Oracle has updated jakarta-commons-collections (OL5: code execution).

    Red Hat has updated openstack-ironic-discoverd (RHELOSP6: command execution), openstack-nova (RHELOSP7; RHELOSP5: insecure VM instances), and RHELOSP7 director (RHEL7: two vulnerabilities).

    Scientific Linux has updated abrt and libreport (SL7: multiple vulnerabilities), autofs (SL7: privilege escalation), binutils (SL7: multiple vulnerabilities), chrony (SL7: multiple vulnerabilities), cpio (SL7: denial of service), cups-filters (SL7: code execution), curl (SL7: multiple vulnerabilities), file (SL7: multiple vulnerabilities), git (SL7: code execution), glibc (SL7: privilege escalation), glibc (SL7: multiple vulnerabilities), grep (SL7: heap buffer overrun), grub2 (SL7: Secure Boot circumvention), grub2 (SL7: code execution), jakarta-commons-collections (SL5: code execution), kernel (SL7: multiple vulnerabilities), kernel (SL7: two vulnerabilities), krb5 (SL7: two vulnerabilities), libpng (SL7: two vulnerabilities), libpng12 (SL7: multiple vulnerabilities), libssh2 (SL7: information leak), libxml2 (SL7: multiple vulnerabilities), net-snmp (SL7: denial of service), netcf (SL7: denial of service), NetworkManager (SL7: two vulnerabilities), ntp (SL7: multiple vulnerabilities), openhpi (SL7: world writable /var/lib/openhpi directory), openldap (SL7: unintended cipher usage), openssh (SL7: multiple vulnerabilities), pacemaker (SL7: privilege escalation), pcs (SL7: denial of service), python (SL7: multiple vulnerabilities), realmd (SL7: unsanitized input), rest (SL7: denial of service), rubygem-bundler, rubygem-thor (SL7: installs malicious gem files), squid (SL7: certificate validation bypass), sssd (SL7: memory leak), tigervnc (SL7: two vulnerabilities), unbound (SL7: denial of service), wireshark (SL7: multiple vulnerabilities), and xfsprogs (SL7: information disclosure).

    SUSE has updated bind (SLE12; SLE11SP2,3,4: denial of service), firefox (SLE12SP1; SLE11SP3,4; SLE11SP2: multiple vulnerabilities), rubygem-passenger (SLE12: environment variable injection), strongswan (SLE12SP1: authentication bypass), and kernel (SLE11SP4: multiple vulnerabilities).

    11:49p
    WebExtensions in Firefox 45
    The Mozilla Add-ons blog takes a look at the work going on around the WebExtensions API. "WebExtensions is currently in an alpha state, so while this is a great time to get involved, please keep in mind that things might change if you decide to use it in its current state. Since August, we’ve closed 77 bugs and ramped up the WebExtensions team at Mozilla. With the release of Firefox 45 in March 2016, we’ll have full support for the following APIs: alarms, contextMenus, pageAction and browserAction. Plus a bunch of partially supported APIs: bookmarks, cookies, extension, i18n, notifications, runtime, storage, tabs, webNavigation, webRequest, windows."
