LWN.net's Journal

Wednesday, June 1st, 2016

    4:39p
    Security advisories for Wednesday

    Debian has updated chromium-browser (multiple vulnerabilities) and imagemagick (command execution).

    Debian-LTS has updated php5 (multiple vulnerabilities) and ruby-activemodel-3.2 (validation bypass).

    openSUSE has updated dosfstools (Leap42.1, 13.2: two vulnerabilities), gdk-pixbuf (Leap42.1: three vulnerabilities), libarchive (13.2: code execution), openssh (Leap42.1: three vulnerabilities), p7zip (13.2: code execution), putty (Leap42.1, 13.2: code execution), and virtualbox (Leap42.1; 13.2: unspecified).

    Oracle has updated ntp (OL7; OL6: multiple vulnerabilities), openssl (OL5: multiple vulnerabilities), squid (OL7; OL6: multiple vulnerabilities), and squid34 (OL6: multiple vulnerabilities).

    Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

    Scientific Linux has updated openssl (SL5: code execution).

    SUSE has updated cyrus-imapd (SLES12-SP1; SLE11-SP4: multiple vulnerabilities) and java-1_6_0-ibm (SLEM for LS12: multiple vulnerabilities).

    Ubuntu has updated dosfstools (two vulnerabilities), kernel (14.04: multiple vulnerabilities), libgd2 (multiple vulnerabilities), and lxd (16.04, 15.10: two vulnerabilities).

    5:33p
    The CoreOS "Torus" distributed storage system
    CoreOS has announced a new project called Torus, which is creating a distributed storage system for containers. "At its core, Torus is a library with an interface that appears as a traditional file, allowing for storage manipulation through well-understood basic file operations. Coordinated and checkpointed through etcd's consensus process, this distributed file can be exposed to user applications in multiple ways. Today, Torus supports exposing this file as block-oriented storage via a Network Block Device (NBD). We also expect that in the future other storage systems, such as object storage, will be built on top of Torus as collections of these distributed files, coordinated by etcd." The project is quite young, and the current release is a "prototype version."
    6:46p
    Announcing the Open Source License API
    The Open Source Initiative (OSI) has announced the Open Source License API, to "allow third parties to become license-aware, and give organizations the ability to clearly determine if a license is, in fact, an Open Source license, from the authoritative source regarding Open Source licenses, the OSI."
    10:22p
    Fresh stable kernels
    Greg KH has released stable kernels 4.6.1, 4.5.6, 4.4.12, and 3.14.71. All of them contain important fixes.
    10:55p
    Hertz: Abusing privileged and unprivileged Linux containers
    This white paper by Jesse Hertz [PDF] examines various ways to compromise and escape from containers on Linux systems. "A common configuration for companies offering PaaS solutions built on containers is to have multiple customers' containers running on the same physical host. By default, both LXC and Docker set up container networking so that all containers share the same Linux virtual bridge. These containers will be able to communicate with each other. Even if this direct network access is disabled (using the --icc=false flag for Docker, or using iptables rules for LXC), containers aren't restricted for link-layer traffic. In particular, it is possible (and in fact quite easy) to conduct an ARP spoofing attack on another container within the same host system, allowing full middle-person attacks of the targeted container's traffic."
    11:12p
    [$] Containers, pseudo TTYs, and backward compatibility
    There is no doubt that the addition of container technologies to Linux has created a lot of value, allowing workloads to be effectively and efficiently isolated from each other. Implementing these technologies presents a number of challenges, particularly as much of Linux and Unix was designed to use singletons: objects of which there could never ever be more than one, such as host names, network routing tables, or process-ID namespaces. Containers require this design approach to be revised as they need multiple instances of these objects. A singleton that has been causing problems recently is the set of pseudo terminals (TTYs).

    Click below (subscribers only) for the full article from Neil Brown.
