LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Monday, December 5th, 2016

    Time Event
    12:48p
    Kernel prepatch 4.9-rc8
    The 4.9-rc8 kernel prepatch is out; the final 4.9 release will need one more week. "So if anybody has been following the git tree, it should come as no surprise that I ended up doing an rc8 after all: things haven't been bad, but it also hasn't been the complete quiet that would have made me go 'no point in doing another week'."
    6:38p
    Security advisories for Monday

    Arch Linux has updated chromium (multiple vulnerabilities) and libdwarf (multiple vulnerabilities).

    CentOS has updated firefox (C6; C5: code execution).

    Debian-LTS has updated openafs (information leak).

    Fedora has updated firefox (F25; F24; F23: code execution), gstreamer1-plugins-bad-free (F25: code execution), gstreamer1-plugins-good (F25: code execution), p7zip (F24; F23: denial of service), phpMyAdmin (F25: multiple vulnerabilities), thunderbird (F24: code execution), and xen (F25; F24; F23: multiple vulnerabilities).

    Gentoo has updated busybox (two vulnerabilities), chromium (multiple vulnerabilities), cifs-utils (code execution from 2014), dpkg (code execution), gd (multiple vulnerabilities), libsndfile (two vulnerabilities), libvirt (path traversal), nghttp2 (code execution), nghttp2 (denial of service), patch (denial of service), and pygments (shell injection).

    openSUSE has updated containerd, docker, runc (Leap42.1, 42.2: permission bypass), firefox (two vulnerabilities), java-1_7_0-openjdk (13.1: multiple vulnerabilities), java-1_8_0-openjdk (Leap42.1, 42.2: multiple vulnerabilities), libarchive (Leap42.2; Leap42.1: multiple vulnerabilities), thunderbird (code execution), nodejs4 (Leap42.2: code execution), phpMyAdmin (multiple vulnerabilities), sudo (Leap42.2; Leap42.1: three vulnerabilities), tar (Leap42.1, 42.2: file overwrite), and vim (Leap42.2; Leap42.1, 13.2: code execution).

    Red Hat has updated thunderbird (code execution).

    SUSE has updated qemu (SLE12-SP1: multiple vulnerabilities).

    9:03p
    Bottomley: Using Your TPM as a Secure Key Store
    James Bottomley has posted a tutorial on using the trusted platform module to store cryptographic keys. "The main thing that came out of this discussion was that a lot of this stack complexity can be hidden from users and we should concentrate on making the TPM 'just work' for all cryptographic functions where we have parallels in the existing security layers (like the keystore). One of the great advantages of the TPM, instead of messing about with USB pkcs11 tokens, is that it has a file format for TPM keys (I’ll explain this later) which can be used directly in place of standard private key files."

    << Previous Day 2016/12/05
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org