Monday, October 24th, 2016

Time	Event
1:08a	Kernel prepatch 4.9-rc2 The second 4.9 prepatch is out for testing, and Linus is asking for people to test one feature in particular: "My favorite new feature that I called out in the rc1 announcement (the virtually mapped stacks) is possibly implicated in some crashes that Dave Jones has been trying to figure out, so if you want to be helpful and try to see if you can give more data, please make sure to enable CONFIG_VMAP_STACK." (Comment on this)
2:36p	The Linux Foundation Technical Advisory Board election The Linux Foundation's Technical Advisory Board provides the development community (primarily the kernel development community) with a voice in the Foundation's decision-making process. Among other things, the TAB chair holds a seat on the Foundation's board of directors. The next TAB election will be held on November 2 at the Kernel Summit in Santa Fe, NM; five TAB members (½ of the total) will be selected there. The nomination process is open until voting begins; anybody interested in serving on the TAB is encouraged to throw their hat into the ring. (Comment on this)
5:20p	Security advisories for Monday Arch Linux has updated chromium (multiple vulnerabilities), kernel (privilege escalation), linux-lts (privilege escalation), python-django (cross-site request forgery), and python2-django (cross-site request forgery). CentOS has updated bind (C6; C5: denial of service) and bind97 (C5: denial of service). Debian has updated kdepimlibs (HTML injection). Debian-LTS has updated kdepimlibs (HTML injection). Fedora has updated guile (F23: two vulnerabilities), kernel (F24; F23: privilege escalation), php (F24; F23: multiple vulnerabilities), and php-pecl-zip (F24; F23: multiple vulnerabilities). Mageia has updated 389-ds-base (information disclosure), c-ares (code execution), guile (two vulnerabilities), openjpeg (denial of service), and php-ZendFramework (SQL injection). openSUSE has updated Chromium (Leap42.1, 13.2: multiple vulnerabilities), dbus-1 (Leap42.1: code execution), gd (13.2: denial of service), kdump (Leap42.1: denial of service), php5 (13.2: three vulnerabilities), kernel (Leap42.1; 13.1: multiple vulnerabilities), tor (Leap42.1, 13.2: denial of service), and X (Leap42.1: multiple vulnerabilities). Oracle has updated bind (OL6; OL5: denial of service), bind97 (OL5: multiple vulnerabilities), and kernel 4.1.12 (OL7; OL6: privilege escalation), kernel 3.8.13 (OL7; OL6: privilege escalation), kernel 2.6.39 (OL6; OL5: privilege escalation). Red Hat has updated kernel (RHEL7: privilege escalation). SUSE has updated Chromium (SPH for SLE12: multiple vulnerabilities), qemu (SLE12-SP1: multiple vulnerabilities), and kernel (SLE12-SP1; SLE12; SLE11-SP4; SLE11-SP3; SLE11-SP2: privilege escalation). (Comment on this)
6:22p	Valgrind-3.12.0 is available Valgrind 3.12.0 has been released. "3.12.0 is a feature release with many improvements and the usual collection of bug fixes. This release adds support for POWER ISA 3.0, improves instruction set support on ARM32, ARM64 and MIPS, and provides support for the latest common components (kernel, gcc, glibc). There are many smaller refinements and new features. The release notes below give more details." There will be a Valgrind developer room at FOSDEM in Brussels, Belgium, on February 4, 2017. The call for participation is open until December 1. (Comment on this)
10:41p	[$] Dealing with automated SSH password-guessing Just about everyone who runs a Unix server on the internet uses SSH for remote access, and almost everyone who does that will be familiar with the log footprints of automated password-guessing bots. Although decently-secure passwords do much to harden a server against such attacks, the costs of dealing with the continual stream of failed logins can be considerable. There are ways to mitigate these costs. (Comment on this)

<< Previous Day

2016/10/24 [Calendar]

Next Day >>