LWN.net's Journal
 

Wednesday, May 11th, 2016

    Time Event
    7:52a
    [$] Two approaches to x86 memory encryption
    Techniques for hardening the security of running systems often focus on
    access to memory. An attacker who can write (or even read) arbitrary
    memory regions will be able to take over the system in short order; even the
    ability to access small regions of memory can often be exploited. One
    possible defensive technique would be to encrypt the contents of memory so
    that an attacker can do nothing useful with it, even if access is somehow
    gained; this type of encryption clearly requires hardware support. Both Intel
    and AMD are introducing such support in their processors, and patches to
    enable that support have been posted for consideration; the two
    manufacturers have taken somewhat different approaches to the problem,
    though.
    4:33p
    Security advisories for Wednesday

    Arch Linux has updated cacti (SQL injection) and squid (multiple vulnerabilities).

    Debian has updated libarchive (code execution) and monotone, ovito, pdns, qtcreator, and softhsm (regression in previous update).

    Debian-LTS has updated botan1.10 (regression in previous update). Not all Debian packages are fully supported in Wheezy LTS. See the debian-security-support advisory for details.

    Fedora has updated glibc (F23: multiple vulnerabilities), graphite2 (F22: multiple vulnerabilities), ntp (F23: multiple vulnerabilities), openssl (F22: multiple vulnerabilities), pgpdump (F23; F22: denial of service), and thunderbird (F22: multiple vulnerabilities).

    openSUSE has updated compat-openssl098 (Leap42.1: multiple vulnerabilities) and php5 (13.2: multiple vulnerabilities).

    Red Hat has updated file (RHEL6: multiple vulnerabilities), icedtea-web (RHEL6: applet execution), java-1.8.0-ibm (RHEL6: multiple vulnerabilities), kernel (RHEL6: multiple vulnerabilities), ntp (RHEL6: multiple vulnerabilities), openshift (RHOSE3.1: information disclosure), openssh (RHEL6: multiple vulnerabilities), pcre (RHEL7: multiple vulnerabilities), and qemu-kvm-rhev (RHELOSP5 for RHEL6: code execution).

    Scientific Linux has updated pcre (SL7: multiple vulnerabilities).

    Slackware has updated imagemagick (multiple vulnerabilities).

    SUSE has updated ImageMagick (SOSC5, SMP2.1, SM2.1, SLE11-SP4: multiple vulnerabilities).

    Ubuntu has updated openjdk-6 (12.04: multiple vulnerabilities).

    4:44p
    Stable kernel updates
    Greg Kroah-Hartman has released stable kernels 4.5.4, 4.4.10,
    and 3.14.69. All of them contain important
    fixes.
    6:08p
    Mozilla Open Source Support: Now Open To All Projects
    The Mozilla Open Source Support (MOSS), an award program focused on
    supporting open source and free software, was launched last year. The first track provided
    support for software projects that Mozilla uses or relies on. This year
    MOSS is open "to any open source project in the world which is
    undertaking an activity that meaningfully furthers Mozilla’s
    mission." In other words, projects that help to ensure the Internet
    is a global public resource, open and accessible to all. "So if you
    think your project qualifies, we encourage you to apply. Applications for the Mission Partners track are open
    as of today. (Applications for Foundational Technology also
    remain open.) You can read more about our selection criteria and
    committee on the wiki. The
    budget for this track for 2016 is approximately US$1.25 million."
    9:32p
    [$] LEDE and OpenWrt

    The OpenWrt project is perhaps the most widely known Linux-based distribution for home WiFi routers and access points; it was spawned from the source code of the now-famous Linksys WRT54G router more than 12 years ago. In early May, the OpenWrt user community was thrown into a fair amount of confusion when a group of core OpenWrt developers announced that they were starting a spin-off (or, perhaps, a fork) of OpenWrt to be named the Linux Embedded Development Environment (LEDE). It was not entirely clear to the public why the split was taking place—and the fact that the LEDE announcement surprised a few other OpenWrt developers suggested trouble within the team.
